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Foreword 


Dependent type theory, the subject of this book, is a wonderfully beguiling, and aston- 
ishingly effective, unification of mathematics and programming. In type theory when 
you prove a theorem you are writing a program to meet a specification—and you can 
even run it when you are done! A proof of the fundamental theorem of arithmetic 
amounts to a program for factoring numbers. And it works the other way as well: every 
program is a proof that its specification is sensible enough to be implementable. Type 
theory is a hacker’s paradise. 

And yet, for many, type theory remains an esoteric world of sacred texts, revered 
figures, and arcane terminology—a hermetic realm out of the novels of Umberto Eco. 
Be mystified no longer! My colleagues Dan Friedman and David Christiansen reveal 
the secrets of type theory in an engaging, organic style that is both delightful and 
enlightening, particularly for those for whom running code is the touchstone of rigor. 
You will learn about normal forms, about canonization, about families of types, about 
dependent elimination, and even learn the ulterior motives for induction. 

When you are done, you will have reached a new level of understanding of both 
mathematics and programming, gaining entrance to what is surely the future of both. 
Enjoy the journey, the destination is magnificent! 


Robert Harper 
Pittsburgh 
February, 2018 
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Preface 


A program’s type describes its behavior. Dependent types are a first-class part of a 
language, which makes them vastly more powerful than other kinds of types. Using just 
one language for types and programs allows program descriptions to be just as powerful 
as the programs that they describe. 

If you can write programs, then you can write proofs. This may come as a surprise— 
for most of us, the two activities seem as different as sleeping and bicycling. It turns 
out, however, that tools we know from programming, such as pairs, lists, functions, 
and recursion, can also capture patterns of reasoning. An understanding of recursive 
functions over non-nested lists and non-negative numbers is all you need to understand 
this book. In particular, the first four chapters of The Little Schemer are all that’s 
needed for learning to write programs and proofs that work together. 

While mathematics is traditionally carried out in the human mind, the marriage 
of math and programming allows us to run our math just as we run our programs. 
Similarly, combining programming with math allows our programs to directly express 
why they work. 

Our goal is to build an understanding of the important philosophical and mathemat- 
ical ideas behind dependent types. The first five chapters provide the needed tools to 
understand dependent types. The remaining chapters use these tools to build a bridge 
between math and programming. The turning point is chapter 8, where types become 
statements and programs become proofs. 

Our little language Pie makes it possible to experiment with these ideas, while 
still being small enough to be understood completely. The implementation of Pie is 
designed to take the mystery out of implementing dependent types. We encourage you 
to modify, extend, and hack on it—you can even bake your own Pie in the language of 
your choice. The first appendix, The Way Forward, explains how Pie relates to fully- 
featured dependently typed languages, and the second appendix, Rules Are Made to 
Be Spoken, gives a complete description of how the Pie implementation works. Pie is 
available from http: //thelittletyper.com. 
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Guidelines for the Reader 


Do not rush through this book. Read carefully, including the frame notes; valuable 
hints are scattered throughout the text. Read every chapter. Remember to take breaks 
so each chapter can sink in. Read systematically. If you do not fully understand one 
chapter, you will understand the next one even less. The questions are ordered by 
increasing difficulty; later questions rely on comfort gained earlier in the book. 


xii Preface 


Guess! This book is based on intuition, and yours is as good as anyone’s. Also, 
if you can, experiment with the examples while you read. The Recess that starts on 
page 62 contains instructions for using Pie. 

From time to time, we show computation steps in a chart. Stop and work through 
each chart, even the long ones, and convince yourself that each step makes sense by 
understanding why it makes sense. 

The Laws and Commandments summarize the meanings of expressions in Pie. 
Laws describe which expressions are meaningful, and Commandments describe which 
expressions are the same as others. For a Commandment to apply, it is assumed that 
the corresponding Laws are satisfied. 

Food appears in some examples for two reasons. First, food is easier to visualize 
than abstract symbols. We hope the food imagery helps you to better understand the 
examples and concepts. Second, we want to provide a little distraction. Expanding your 
mind can be tiring; these snacks should help you get through the afternoon. As such, 
we hope that thinking about food will lead you to take some breaks and relax. 

You are now ready to start. Good luck! We hope you enjoy the book. 


Bon appétit! 


Daniel P. Friedman 
Bloomington, Indiana 


David Thrane Christiansen 
Portland, Oregon 
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Welcome back! 


It’s good to be here! 


Let’s dust off and update some of our old 
toys for a new language called Pie. 


Is it obvious that this is an Atom? 
‘atom 


To be an Atom is to be an atom.! 


tin Lisp, atoms are symbols, numbers, and 
many other things. Here, atoms are only symbols. 


Is it obvious that this is an Atom? 
‘ratatouille 


Atoms are built from a tick mark 
directly followed by one or more letters 
and hyphens. 


‘In Pie, only atoms use the tick mark. 


Not at all. What does Atom mean? 


Then 'atom is an Atom because 'atom is 
an atom. 


Yes, because 'ratatouille is also an atom. 


But what does it precisely mean to be an 
atom? 


" So, is it obvious that 


‘is-it-obvious-that-this-is-an-atom 
is an Atom? 


Certainly, because atoms can contain 
hyphens. 


What about 


Are they atoms? 
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is an atom because hyphens can appear 
anywhere in an atom; 


is not an atom because it’s missing the 
tick mark; and 
' 


is not an atom because it is neither 
followed by a letter nor by a hyphen. 
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Is "Atom an Atom? Yes, even 'Atom is an Atom, because it is 
a tick mark followed by one or more 
letters or hyphens. 


Is 'atOm an Atom? No, because atoms can contain only 
letters and hyphens, as mentioned in 
frame 5, and the character 0 is not a 
letter. It is the digit zero. 


Is 'coeurs-d-artichauts an Atom? Yes, because ce is a letter. 
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Is '&toyov an Atom? That’s Greek to me! 


But Greek letters are letters, so it must 
also be an Atom. 


The Law of Tick Marks 


A tick mark directly followed by one or more 
letters and hyphens is an Atom. 


Sentences such as " What is the point of a judgment? 
‘ratatouille is an Atom 

and 
‘coeurs-d-artichauts is an Atom 


are called judgments.! 


iThanks, Per Martin-Léf (1942-). 


4 Chapter 1 


A judgment is an attitude that a person 
takes towards expressions. When we 
come to know something, we are making 
a judgment. 


What can be judged about Atom and 
‘courgette? 


2 
‘courgette is an Atom. 


A form of judgment is an observation 
with blank spaces in it, such as 


isa 


Are there other forms of judgment? 


Another form of “judgment” is 
“judgement.” 


Is 
‘ratatouille 


the same 


Very funny. 


Yes. 


They are the same Atom because both 
have the same letters after the tick mark. 


Atom 
as 
‘ratatouille? 
Is " No. 
“ratatoullle They have different letters after the tick 
the same trina 
Atom 
45 
"baguette? 
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The Commandment of Tick Marks 


Two expressions are the same Atom if their values are tick 
marks followed by identical letters and hyphens. 


The second form of judgment is that 


is the same as 


So 
‘citron is the same Atom as ‘citron 
is a judgment. 


It is a judgment, and we have reason to 
believe it. 
Is 

‘pomme is the same Atom as ‘orange 
a judgment? 


It is a judgment, but we have no reason 
to believe it. After all, one should not 
compare apples and oranges. 


Is it obvious that 

(cons 'ratatouille "baguette)! 
isa 

(Pair Atom Atom)? 


tWhen ready, see page 62 for “typing” instruc- 
tions. 


To bea 

(Pair Atom Atom) 
is to be a pair whose car is an Atom, like 
‘ratatouille, and whose cdr is also an 
Atom, like 'baguette. 


20 


No, it isn’t. 


What does it mean to be a 
(Pair Atom Atom)? 


The names cons, car, and cdr seem 
familiar. What do they mean again? 
And what do they have to do with pairs? 


Chapter 1 


A pair begins with cons! and ends with 
two more parts, called its car and its cdr. 


Hn Lisp, cons is used to make lists longer. Here, 
cons only constructs pairs. 


Neither cons nor Pair alone is even an 
expression. Both require two arguments.+ 


Is 
(cons ‘ratatouille "baguette) 
the same 
(Pair Atom Atom) 
as 
(cons "ratatouille "baguette)? 
tn Lisp, cons is a procedure and has meaning 


on its own, but forms such as cond or lambda are 
meaningless if they appear alone. 


Okay. That means that 
(cons 'ratatouille 'baguette) 
isa 
(Pair Atom Atom) 


because (cons ‘ratatouille "baguette) is a 
pair whose car is an Atom, and whose cdr 
is also an Atom. 


Is cons a Pair, then? 


What does it mean for two expressions 
to be the same 


(Pair Atom Atom)? 


It means that both cars are the same 
Atom and that both cdrs are the same 
Atom. 


° Then 


(cons 'ratatouille baguette) 
is indeed the same 

(Pair Atom Atom) 
as 

(cons ‘ratatouille 'baguette). 
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Is 

(cons "ratatouille "baguette) 
the same 

(Pair Atom Atom) 
as 

(cons "baguette "baguette)? 


How can 
(cdr 
(cons 'ratatouille "baguette)) 


be described? 


24 


% 


The car of 
(cons ‘ratatouille 'baguette) 
is 'ratatouille, while the car of 
(cons 'baguette 'baguette) 
is baguette, 


So we have no reason to believe that 
they are the same (Pair Atom Atom). 


It is an 
Atom. 


Expressions that describe other 
expressions, such as Atom, are called 
types. 


Is (Pair Atom Atom)! a type? 


When a name, such as Pair or Atom, refers to 
a type, it starts with an upper-case letter. 


The third form of judgment is 
is a type. 


Yes, because it describes pairs where the 
car and cdr are both Atoms. 


This means that both 
Atom is a type 
and 
(Pair Atom Atom) is a type 


are judgments. 


Atom is a type. 


The Law of Atom 


Chapter 1 


Is 
‘courgette is a type 
a judgment? 


It is a judgment, but we have no reason 
to believe it because 'courgette doesn’t 
describe other expressions. 


Are Atom and Atom the same type? 


The fourth and final form of judgment is 


and are the same type. 


: Presumably. They certainly look like 


they should be. 


0 
Ah, so 


Atom and Atom are the same type 


is a judgment, and we have reason to 
believe it. 


ls isa Fs 2. 


3. is a type. 4, 


is the same 


The Four Forms of Judgment 


as . 


and are the same type. 


Is this a judgment? 
Atom and (Pair Atom Atom) are the 
same type. 


Are 

(Pair Atom Atom) 
and 

(Pair Atom Atom) 
the same type? 


31 


Yes, it is a judgment, but there is no 
reason to believe it. 


* That certainly seems believable. 
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Judgments are acts of knowing, and 
believing is part of knowing. 


“Aren't judgments sentences? 


Sentences get their meaning from those 
who understand them. The sentences 
capture thoughts that we have, and 
thoughts are more important than the 
words we use to express them. 


Ah, so coming to know that 
(Pair Atom Atom) 
and 
(Pair Atom Atom) 
are the same type was a judgment? 


Tt was. 


Is "péche the same 'fruit as 'péche? 


Good question. 


Is 'péche a "fruit? 


No, it is not, because 
"fruit is a type 
is not believable. 


Some forms of judgment only make sense 
after an earlier judgment.t 


1 This earlier judgment is sometimes called a pre- 
supposition. 


To ask whether an expression is 
described by a type, one must have 
already judged that the supposed type is 
a type. To ask whether two expressions 
are the same according to a type, one 
must first judge that both expressions 
are described by the type.! 


What judgment is necessary before 
asking whether two expressions are the 
same type? 


}'To describe the expressions, the supposed type 
must also be a type. 


Which are these? 


"To ask whether two expressions are the 
same type, one must first judge that each 
expression is, in fact, a type. 


10 


Chapter 1 


Is 


(car 
(cons 'ratatouille "baguette)) 


the same 


This looks familiar. Presumably, car 
finds the car of a pair, so they are the 
same. 


Atom 
as 
‘ratatouille? 
Is * Tt must certainly be, because the cdr of 
(cdr the pair is "baguette. 
(cons ‘ratatouille 'baguette)) 
the same 
Atom 
as 
"baguette? 
So i (Pair Atom Atom), 
(car because 
(cons ; (cons 'aubergine 'courgette) 
(cons ‘aubergine 'courgette) , 7 7 . 
"tomato)) is a pair whose car is the Atom "aubergine 
. and whose cdr is the Atom 'courgette. 
Isa... 
Is "Yes, it is. 
(car 
(cdr 
(cons ‘ratatouille 
(cons 'baguette ‘olive-oil)))) 
the same 
Atom 
as 
"baguette? 
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Expressions that are written differently 
may nevertheless be the same, as seen in 
frames 39-41. One way of writing these 
expressions is more direct than the 
others. 


The normal form of an expression is the 
most direct way of writing it. Any two 
expressions that are the same have 
identical normal forms, and any two 
expressions with identical normal forms 
are the same. 


That question is incomplete. 


Sameness is always according to a type, 
so normal forms are also determined by a 
type. 


Yes, it is. 


Is 

(cons ‘ratatouille "baguette) 
a normal 

(Pair Atom Atom)?t 


1! Normal is short for in normal form. 


. ‘baguette certainly seems more direct 
than 
(car 
(cdr 
(cons ‘ratatouille 
(cons "baguette "olive-oil)))). 


“Is 'olive-oil the normal form of 
(cdr 
(cdr 
(cons ‘ratatouille 
(cons "baguette "olive-oil))))? 


* Ts ‘olive-oil the normal form of the Atom 


(cdr 
(cdr 
(cons ‘ratatouille 
(cons "baguette ‘olive-oil))))? 


Yes, (cons 'ratatouille "baguette) is 
normal. 


Does every expression have a normal 
form? 


12 


Chapter 1 


It does not make sense to ask whether an ” 


expression has a normal form without 
specifying its type. 


Given a type, however, every expression 
described by that type does indeed have 
a normal form determined by that type. 


If two expressions are the same according 
to their type, then they have identical 
normal forms. So this must mean that 
we can check whether two expressions 
are the same by comparing their normal 
forms! 


then they are the same. 


Normal Forms 


Given a type, every expression described by that type has 
a normal form, which is the most direct way of writing it. 
If two expressions are the same, then they have identical 
normal forms, and if they have identical normal forms, 


What is the normal form of 


(car 
(cons 
(cons ‘aubergine 'courgette) 
‘tomato))? 


What about the type? 


If the type is 
(Pair Atom Atom), 
then the normal form is 
(cons 'aubergine 'courgette). 


48 


Nice catch! 


The previous description of what it 
means to bea 


(Pair Atom Atom) 


is incomplete. It must mean ... 


... to be a pair whose car is an Atom, 
and whose cdr is also an Atom, or an 
expression that is the same as such a 


pair. 
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13 


Normal Forms and Types 


Sameness is always according to a type, so normal forms 
are also determined by a type. 


Is 
(car 
(cons 
(cons ‘aubergine 'courgette) 
‘tomato)) 


the same 
(Pair Atom Atom) 
as 
(cons aubergine 'courgette)? 


Why is 
(cons "aubergine ‘courgette) 
the same (Pair Atom Atom) as 
(cons "aubergine ‘courgette)? 


9 


50 


Yes, the two expressions are the same 
(Pair Atom Atom) because the normal 
form of 
(car 
(cons 
(cons "aubergine 'courgette) 
"tomato)) 
is 


(cons 'aubergine 'courgette). 


That seems pretty obvious. 


Yes, but not everything that seems 
obvious is actually obvious.* 


Frame 23 describes what it means for 
one expression to be the same 

(Pair Atom Atom) 
as another. 


tin Lisp, two uses of cons with the same atoms 
yield pairs that are not eq. Here, however, they 
cannot be distinguished in any way. 


Both 

(cons 'aubergine 'courgette) 
and 

(cons aubergine 'courgette) 


have cons at the top. ‘aubergine is the 
same Atom as ‘aubergine, and 'courgette 
is the same Atom as 'courgette. 


Both expressions have the same car and 
have the same cdr. Thus, they are the 
same 


(Pair Atom Atom). 


14 


Chapter 1 


The First Commandment of cons 


Two cons-expressions are the same (Pair A D) if their cars 
are the same A and their cdrs are the same D. Here, A 


and D stand for any type. 


Perfect. 


What is the normal form of 
(Pair 
(cdr 
(cons Atom ‘olive)) 
(car 
(cons 'oil Atom)))? 


Actually, the expression 


(Pair 
(cdr 
(cons Atom 'olive)) 
(car 
(cons ‘oil Atom))) 
is neither described by a type, nor is it a 
type, so asking for its normal form is 
meaningless.! 
1 Expressions that cannot be described by a type 


and that are not themselves types are also called ill- 
typed. 


” Tt is (Pair ‘olive ‘oil), right? 


= Why not? 


Because Pair is not a type when its 
arguments are actual atoms. 


It is only an expression when its 
arguments are types such as Atom. 


" Does that mean that Pair can’t be used 
together with car and cdr? 
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No, not at all. What is the normal form ~~ What is its type? Normal forms are 
of according to a type. 
(Pair 
(car 
(cons Atom 'olive)) 
(cdr 
(cons ‘oil Atom)))? 


Types themselves also have normal The normal form of the type 
forms. If two types have identical normal (Pair 

forms, then they are the same type, and (car 

if two types are the same type, then they (cons Atom 'olive)) 
have identical normal forms. (cdr 


(cons oil Atom)))? 
must be (Pair Atom Atom) because the 
normal form of 
(car 
(cons Atom ‘olive) ) 
is Atom and the normal form of 
(cdr 
(cons ‘oil Atom)) 
is Atom. 


Normal Forms of Types 


Every expression that is a type has a normal form, which 
is the most direct way of writing that type. If two expres- 
sions are the same type, then they have identical normal 
forms, and if two types have identical normal forms, then 
they are the same type. 


16 Chapter 1 


That's it. Now we know that 
(cons ‘ratatouille "baguette) 
is also a 
(Pair 
(car 
(cons Atom 'olive)) 
(cdr 
(cons ‘oil Atom))) 


because ... 


” |. the normal form of 


(Pair 
(car 
(cons Atom 'olive)) 
(cdr 
(cons ‘oil Atom))) 


is 

(Pair Atom Atom), 
and 

(cons ‘ratatouille 'baguette) 
isa 

(Pair Atom Atom). 


Another way to say this is that 
(Pair 
(car 
(cons Atom 'olive)) 
(cdr 
(cons ‘oil Atom))) 
and 
(Pair Atom Atom) 
are the same type. 


Tf an expression is a 
(Pair 
(car 
(cons Atom 'olive)) 
(cdr 
(cons ‘oil Atom))) 
then it is also a 
(Pair Atom Atom) 


because those two types are the same 


type. 


Similarly, if an expression is a 
(Pair Atom Atom) 
then it is also a 
(Pair 
(car 
(cons Atom 'olive)) 
(cdr 
(cons ‘oil Atom))) 


because those two types are the same 


type. 


And likewise for 
(Pair 
Atom 
(cdr 
(cons ‘oil Atom))), 


which is also the same type. 
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Is 6 an Atom? 


No. We haye no reason to believe that 
‘6 is an Atom, 


because the digit 6 is neither a letter nor 
a hyphen, right? 


Right. Is 

(cons '17 "pepper) 
a 

(Pair Atom Atom)? 


Numbers are certainly convenient. 
Besides Atom and Pair, we can check 
whether something is a Nat. 


Is 1 a Nat?? 


tNat is a short way of writing natural number. 


os 


No, because the car of (cons '17 "pepper) 
is '17, which is not an Atom. 


Tt sure would be natural to have 
numbers, though. 


Let’s give it a try. 


Yes, 1 is a Nat. 


Is 1729 a Nat? 


Is —1 a Nat? 


No, it isn’t. What about —23? 


ot 
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Yes, 1729 is a Nat. Not only is it a Nat, 
it’s also famous!! 


* Thank you, Srinivasa Ramanujan (1887-1920) 
and Godfrey Harold Hardy (1877-1947). 


Hmm. Sure? 


It’s not very clear. 


Positive numbers are Nats. 


a7 


Ah, then —23 is not a Nat? 


18 


Chapter 1 


We prefer a positive point of view. 


What is the smallest Nat? 
Oh yeah, one can’t always be positive.t 
How can one get the rest of the Nats? 


+The number 1, however, is always positive. 


Lots! 


68 
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Isn’t 0 a natural number? 


One can use our old friend add1. If nis a 
Nat, then (add1 n) is also a Nat, and it is 
always a positive Nat even if n is 0. 


How many Nats are there? 


Is there a largest Nat? 


No, because one can always ... 


... add one with add1? 


That’s right!* 


Is 0 the same Nat as 26? 
+ Thank you, Giuseppe Peano (1838-1932). 


Is (+ 0 26)7 the same as 26? 


tEven though we have not explained + yet, use 
your knowledge of addition for now. 
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Clearly not. 


That question has no meaning. But can 
we ask if they are the same Nat? 


Of course. 


Is (+ 0 26) the same Nat as 26? 


What does zero mean? 
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Yes, because the normal form of (+ 0 26) 
is 26, and 26 is certainly the same as 26. 


Does zero mean the same as 0? 


The More Things Change, the More They Stay the Same 
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In Pie, zero and 0 are two ways to write ” “Well, if zero is the same Nat as 0, that 
the same Nat. would make sense. 


Ts one the same Nat as 1? 


Actually, one has no meaning. But ‘i Why is the box around the definition 
(add zero) is another way to write the dashed? 
number 1. 


It is possible to make one be (add1 zero) 
by defining it. 


i: (add1 zero)) 

Fee re Ge ar et ere 4 

A dashed box means that there is ” What is the matter with that definition? 
something the matter with the definition, 

so the definition in the dashed box is not It looks okay. 


available for use later. 


When defining a name, it is necessary to ” So two can be defined as 
first claim the name with a type, and one 


; (claim two 
is a Nat. 
Nat) 
(claim one (define two 
Nat) (add1 one)) 


(define one 
(addi zero)) 


Claims before Definitions 


Using define to associate a name with an expression re- 
quires that the expression’s type has previously been 
associated with the name using claim. 
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If 1 is another way of writing (add1 zero), 
what is another way of writing 4? 


” Shouldn’t it be 
(add1 
(add1 
(add1 
(add1 zero))))? 


Can’t we define four to mean that? 


Of course. 


(claim four 
Nat) 
(define four 
(add1 
(addi 
(add1 
(add1 zero))))) 


Is there another way of writing 8 as well’? 


Is 8 normal? 


8 is normal because its top,' addl is a 
constructor, and because the argument 
tucked under the top addl, namely 7, is 
normal. 


}The top add1 in frame 81 is underlined this one 
time for emphasis. 


" Tt must be 
(addi 
(addi 
(add1 
(add1 
(add1 
(add1 
(add1 
(add1 zero)))))))). 


a ‘ ‘ 
It seems that way. But why is 8 normal? 


ia Why is 7, also written 


(add1 
(add1 
(add1 
(add1 
(add1 
(add1 
(addi zero))))))), 


normal? 


7 is normal for the very same reason. 
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“This must mean that zero is normal, or 
else (add1 zero) would not be normal. 
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What is at the top of zero? 


zero is normal because the top zero is a 
constructor, and it has no arguments. 


Is 


(add1 
(+ (add1 zero) 
(add1 
(add1 zero)))) 


normal? 


An expression with a constructor at the 
top is called a value.t 


Even though 


(add1 
(+ (add1 zero) 
(add1 
(add1 zero)))) 


is not normal, it is a value. 


tValues are also called canonical expressions. 


* Tt must be zero. 


86 
No, because + is not a constructor. 


” Tt is not normal because 


(+ (add1 zero) 
(add1 
(add1 zero))) 


is not the most direct way of writing 3. 


is called a value. 


Values 


An expression with a constructor at the top 


22 


Chapter 1 


Here's another expression that is not 
normal. 
(+ (add1 
(add1 zero)) 
(add1 zero)) 


Is this the most direct way of writing 3? 


Some expressions, such as Nat or 
(Pair Nat Atom), are types. 


Part of explaining a new type is to say 
what its constructors are. The 
constructor expressions are the direct 
ways of building expressions with the 
new type. 
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No. 


What exactly is a constructor? 


What are some examples of 
constructors? 


The constructors of Nat are zero and 
add1, while the constructor of Pair is 
cons. 
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What is the relationship between values 
and normal forms? 


In a value, the top constructor’s 
arguments need not be normal, but if 
they are, then the entire constructor 
expression is in normal form. 


Are all values normal? 


No. 


(add1 
(+ (addi zero) 
(add 
(add1 zero)))) 


and 


(add 
(+ (add1 zero) (add1 one))) 


are values, but they are not normal. 
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Values and Normal Forms 


Not every value is in normal form. This is because the 
arguments to a constructor need not be normal. 
expression has only one normal form, but it is sometimes 
possible to write it as a value in more than one way. 


Each 


What expressions can be placed in the 
empty box to make this expression not a 
Nat value? 


(add1 


92 4 
How about ‘aubergine? 


Indeed, 
(addi 
"aubergine) 


is not a Nat value because ‘aubergine is 
an Atom, not a Nat. 


When filling in boxes, the expectation is 
that the resulting expression is described 
by a type. 


Finding a value that is the same as some 
starting expression is called evaluation. 
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If any Nat expression is placed in the 
box, however, the whole expression is a 
value. The whole expression has add1 at 
the top, and add1 is a Nat constructor. 


What about the type? Sameness, after 
all, requires types. 


From time to time, when talking about 
sameness, we do not explicitly mention a 
type. Nevertheless, a type is always 
intended, and can be discovered by 
reading carefully. 


Doesn’t evaluation refer to finding the 
meaning of an expression, not just some 
simpler expression? 


24 


Chapter 1 


Not here. Expressions do not refer to 
some external notion of meaning—in Pie, 
there is nothing but expressions and 
what we judge about them.t 


TIn Lisp, values are distinct from expressions, 
and the result of evaluation is a value. 


¥6 
That is a new way of seeing evaluation. 


Why is there a difference between 
normal forms and values? 


of thing. 


Everything Is an Expression 


In Pie, values are also expressions. Evaluation 
in Pie finds an expression, not some other kind 


A normal expression has no remaining 
opportunities for evaluation. Usually, 
expressions that are normal are easier to 
understand. Finding a value is often 
enough, however, because the top 
constructor can be used to determine 
what must happen next. 


Tf finding a value is often enough, does 
that mean we are free to find the value 
and stop whenever we want? 


Yes, assuming that specific information 
about the constructor’s arguments is 
never needed. 


Is 


(add1 
(+ (add1 zero) 
(add1 
(add1 zero)))) 


the same Nat as four’? 


98 : . 
Here is a possible answer. 


They are not the same Nat because 


(add1 
(+ (add1 zero) 
(add1 
(add1 zero)))) 

is a value, and it certainly does not look 
like the variable four. Finding the value 
of four does not help, because four’s 
value looks very different. 
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Good try. 


But they are actually the same Nat. 


” How can that be? 


Two Nat expressions, that aren’t values, 
are the same if their values are the same. 
There are exactly two ways in which two 
Nat values can be the same: one for each 
constructor. 


If both are zero, then they are the same 
Nat. 


What about when both values have add1 
at the top? 


The Commandment of zero 


zero is the same Nat as zero. 


If the arguments to each add1 are the 
same Nat, then both addl-expressions 
are the same Nat value. 


Why is 

(add1 zero) 
the same 

Nat 
as 

(addi zero)? 


™ Both expressions are values. Both values 


have add1 at the top, so their arguments 
should be the same Nat. 


The arguments are both zero, which is a 
value, and zero is the same Nat value as 
zero. 


(add1 k). 


The Commandment of add1l 


If n is the same Nat as k, then (add1 n) is the same Nat as 
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Why is Both of these Nats have add1 at the top, 


(add1 (+ 0 1)) so they are values. 
Ghecame They are the same because 
Nat (#01) 
oS is the same 
(addi (+ 1 0))? Nat 
as 
(+10). 
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Why is (+ 0 1) the same Nat as (+ 1 0)? These Nats are not values, so to 
determine whether they are the same, 
the first step is to find their values. 


Both expressions have (addi zero) as a 
value, and frame 101 explains why 


(add1 zero) 
is the same 
Nat 
as 
(add1 zero). 


That's right. Does this mean that four could have 
been defined like this? 


(define four 
1 (add 
(+ (add1 zero) 
(add1 
(add1 zero))))) 
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Why is that box dashed? four is already defined, and can’t be 
defined again. 
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Definitions Are Forever 


Once a name has been claimed, it cannot be reclaimed, and 
once a name has been defined, it cannot be redefined. 


106 


And yes, four could have been defined 
like that initially. 


In fact, no other expression could tell the 
difference between the two definitions of 
four because both define four to be the 
same Nat. 


Is cons a constructor? 


. Wr 
Yes, cons constructs Pairs. 
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Yes. To find the value of a 
car-expression, start by finding the value 
of its argument. 


What can be said about the argument’s 
value? 


Is it necessary to evaluate car’s argument 
in order to evaluate a car-expression’? 


The argument’s value has cons at the 
top. 
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After finding the argument’s value, what 
comes next? 


The value is the first argument to cons. 
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What is the value of 


(car 
(cons (+ 3 5) 'baguette))? 


The first argument to cons is 
(+ 35), 
which is not a value. 
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To find the value of a car-expression, first 
find the value of the argument, which is 
(cons a d).' The value of 


(car 
(cons a d)) 


is then the value of a. 


How can the value of a cdr-expression be 
found? 


THere, a@ is for car and d is for cdr. 


No. Recall from frame 86 that zero is a 
constructor. 


What does it mean for two expressions 
to be the same (Pair Atom Nat)? 


Very good. 


m 
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Like car, start by evaluating cdr’s 
argument until it becomes (cons a d). 
Then, the value of 
(cdr 
(cons a d)) 


is the value of d. 


Do all constructors have arguments? 


Tt must mean that the value of each 
expression has cons at the top. And, 
their cars are the same Atom and their 
cdrs are the same Nat. 


Are atoms constructors? 


The atom ‘bay is a constructor, and so is 
the atom "leaf. 


ir) 


Are all atoms constructors? 


Yes. Each atom constructs itself. 


Does this mean that atoms are values? 


Right. 


In the expression zero, what is the top 
constructor? 
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Yes, it does, because the explanation of 
why 

Atom is a type 
says that atoms are Atom values. 


It must be zero, because zero is a 
constructor of no arguments. 
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In the expression "garlic, what is the top 
constructor? 


The atom ‘garlic is the only constructor, 
so it must be the top constructor. 


Is Nat a constructor, then? 


No, Nat is not a constructor. zero and 
add1 are constructors that create data, 
while Nat describes data that is just zero, 
or data that has add1 at its top and 
another Nat as its argument. 


Is Pair a constructor? 


Pair is a type constructor because it 
constructs a type. Likewise, Nat and 
Atom are type constructors. 

Is 


(cons zero 'onion) 


(Pair Atom Atom)? 


Indeed it is! But 
(cons "zero ‘onion) 
isa 
(Pair Atom Atom). 


What is the type of 


(cons ‘basil 
(cons "thyme 'oregano))?t 


tThank you, Julia Child (1912-2004). 


Indeed it is. 


9 
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a 


No, because Pair-expressions describe 
expressions with cons at the top. 
Constructors create data, not types. 


What is Pair called, then? 


No. 


Isn't it a 
(Pair Nat Atom)? 


Based on what we've seen, it must be a 


(Pair Atom 
(Pair Atom Atom)). 


All right, that’s enough for now. My 
head is going to explode! 
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It might be a good idea to read this Some fresh vegetables would be nice 


chapter one more time. Judgments, after all this reading. 
expressions, and types are the most 
important ideas in this book. 


Now go enjoy some delicious 
homemade ratatouille! 
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prior permission. Violators will be prosecuted. 


prior permission. Violators will be prosecuted. 


How was the ratatouille? 


In chapter 1, there are constructors, 
which build values, and type 
constructors, which build types. 


car, however, is neither a constructor nor 
a type constructor. 


car is an eliminator. Eliminators take 
apart the values built by constructors. 


What is another eliminator? 


Trés bien, thanks for asking. 


What is car, then? 


If car is an eliminator, then surely cdr is 
also an eliminator. 


Constructors and Eliminators 


Constructors build values, and eliminators take 
apart values built by constructors. 


Another way to see the difference is that 
values contain information, and 
eliminators allow that information to be 
used. 


Is there anything that is both a 
constructor and an eliminator? 


No, there is not. 
It is possible to define a function that is 


as expressive as both car and cdr 
combined. 


It requires our old friend i. 


How? 


What is that? It doesn’t look familiar. 
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Oops! It is also known as lambda.' 


t) can be optionally written lambda. 


Oh, right, \ builds functions. 


Does this mean that is a constructor? 


Yes, it does, because every expression 
that looks like (\ (2p x ...1) body) is a 
value. 


What is the eliminator for such values? 


}The notation x .. 
mr. 


ineans zero or more xs, SO 
.. means one or more xcs. 


The only thing that can be done to a 
function is to apply it to arguments. 


How can functions have an eliminator? 


Applying a function to arguments is the 
function’s eliminator. 


Okay. 


Eliminating Functions 


Applying a function to arguments is the eliminator for 


functions. 


What is the value of 


(\ (flavor) 
(cons flavor "lentils))? 
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It starts with a , so it is already a 
value. 


Right. 


What is the value of 


((\ (flavor) 
(cons flavor "lentils)) 
"garlic)? 


It must be (cons "garlic "lentils), if 
works the same way as lambda and cons 
is a constructor. 


But doesn’t this mean that cons’s first 
argument is being evaluated, even 
though the cons-expression is already a 
value? 
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No, it does not, but that’s a very good 
question. Replacing the \-expression’s 


flavor happens because the \-expression 
is applied to an argument, not because of 


the cons.t 


Every flavor in the body of the 


d-expression is replaced with "garlic, no 


matter what expression surrounds the 
flavor. 


tConsistently replacing a variable with an ex- 


pression is sometimes called substitution. 


Why is there is no need to evaluate 
(+12) 
in the preceding frame? 


* So this means that the value of 


((X (root) 
(cons root 
(cons (+ 1 2) root))) 
potato) 


is therefore 


(cons 'potato 
(cons (+ 1 2) 'potato)), 
right? 


' The entire expression has cons at the 


top, so it is a value. 


Frame 12 contains a small exaggeration. 
If the root (underlined here) in the body 
of the \-expression occurs under another 


» with the same name, then it is not 
replaced. 


What is the value of 
((\ (root) 
(cons root 
(\ (root) 
root))) 
‘carrot)? 


* Tt must be 


(cons ‘carrot 
( (root) 
root)) 
because the inner root is under a 
d-expression with the same name. 
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” “What about expressions that have these 
}-expressions as their values? 


\ does work the same way as lambda, 
and that is indeed the right answer. 


To be an 
(— Atom 
(Pair Atom Atom))! 
is to be a \-expression that, applied to 
an Atom as its argument, evaluates to a 


(Pair Atom Atom). 
iThis is pronounced “Arrow atom pause pair 


atom atom.” And — can be written with two char- 
acters: ->. 


Yes, these are also 


(— Atom 
(Pair Atom Atom)) 


because they too become a 
(Pair Atom Atom) 


when given an Atom as an argument. 


"Are they also 


(— (car (cons Atom 'pepper)) 
(Pair (cdr (cons "salt Atom)) Atom))? 


Yes, because 


(car 
(cons Atom 'pepper)) 


is Atom and 


(cdr 
(cons 'salt Atom)) 


is also Atom. 


" Tt makes sense to ask what it means for 


two expressions to be the same Nat, the 
same Atom, or the same (Pair Nat Atom). 


Does it also make sense to ask what it 
means for two expressions to be the same 


(— Nat 
Atom), 
or the same 


(— (Pair Atom Nat) 
Nat)? 
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Yes, it does. Two expressions are the 
same 
(> Nat 
Atom) 
when their values are the same 
(+ Nat 
Atom). 


Their values are \-expressions. What 
does it mean for two \-expressions to be 
the same 


(— Nat 
Atom)? 


Two )-expressions that expect the same * 


number of arguments are the same if 
their bodies are the same. For example, 
two -expressions are the same 
(> Nat 
(Pair Nat Nat)) 


if their bodies are the same 
(Pair Nat Nat). 


What is not the same about those ™ 


expressions? 


Does this mean that 
(» (x) 
(cons x x)) 
is not the same 


(—> Nat 
(Pair Nat Nat)) 


as 


& (y) 
(cons y y))? 


The names of the arguments are 
different. This usually doesn’t matter, 
though. Does it matter here? 


21 


Two )-expressions are also the same if 
there is a way to consistently rename the 
arguments to be the same that makes 
their bodies the same.! 


Consistently renaming variables can’t 
change the meaning of anything. 


t Renaming variables in a consistent way is often 
called alpha-conversion. Thank you, Alonzo Chureh 
(1903-1995). 


Is 
(s (ad) 
(cons a d)) 
the same 
(— Atom Atom 
(Pair Atom Atom)) 
as 
(d (d a) 
(cons a d))? 
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The Initial Law of Application 


and argis a Y, then 
(f arg) 


is an X. 


The Initial First Commandment of > 


Two )-expressions that expect the same number of ar- 
guments are the same if their bodies are the same after 
consistently renaming their variables. 


The Initial Second Commandment of 
If f is an 


as long as y does not occur in f. 
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No, it is not, because consistently 
renaming the variables in the second 
d-expression to match the arguments in 
the first \-expression yields 

(A (a d) 

(cons d a)), 

and (cons d a) is not the same 
(Pair Atom Atom) as (cons a d). 


What about 
(» (y) 
(car 
(cons y y)))? 
Is it the same 
(— Nat 
Nat) 
as 
(d (x) 
x)? 


ing of anything. 


The Law of Renaming Variables 


Consistently renaming variables can’t change the mean- 


oxy 


First, consistently rename y to x. Now, 
the question is whether 


(car 
(cons x x)) 


is the same Nat as x. 


There are precisely two ways that two 
expressions can be the same Nat. One 
way is for both their values to be zero. 
The other is for both their values to have 
add1 at the top and for the arguments to 
both addis to be the same Nat. 


These expressions are not Nat values 
because they do not have add1 at the top 
and they are not zero. 


J 2 
The value of x is not yet known, because 


the \-expression has not been applied to 
an argument. But when the \-expression 
has been applied to an argument, the 

value of x is still a Nat value because ... 


... because the \-expression is an 


(— Nat 
Nat), 


so the argument x can’t be anything else. 
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prior permission, Violators will be prosecuted. 


Expressions that are not values and 
cannot yet be evaluated due to a variable 
are called neutral. 


* Does this mean that 


(cons y "rutabaga) 
is neutral? 


No, it is not neutral, because 
(cons y 'rutabaga) 
is a value. 


If x is a (Pair Nat Atom), is 
(cdr x) 
a value? 


6 


No, because cdr is an eliminator, and 
eliminators take apart values. 


Without knowing the value of x, there is 
no way to find the value of (cdr x), so 
(cdr x) is neutral. 


Neutral expressions make it necessary to 
expand our view on what it means to be 
the same. Each variable is the same as 
itself, no matter what type it has. This 
is because variables are only replaced 
consistently, so two occurrences of a 
variable cannot be replaced by values 
that are not the same. 


Yes. And, likewise, 
(x) 


(car 
(cons x x))) 


is the same 


(— Nat 
Nat) 


as 


(x) 


®). 
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So if we assume that y is a Nat, then 
(car 
(cons y 'rutabaga)) 
is the same Nat as y because the 
car-expression’s normal form is y, and y 
is the same Nat as y. 


Right, because the neutral expression x 
is the same Nat as x. 
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prior permission. Violators will be prosecuted. 


Is ” One would think so. But why? 
(x) 
(car x)) 
the same 


(— (Pair Nat Nat) 
Nat) 


as 


a) 
(car y))? 


The first step is to consistently rename y mS Yes, assuming that 


to x. (car x) 
iF is the same Nat as 
O (x) (car x). 
(car x)) 
Shenae But (car x) is not a variable, and it is 
; not possible to find its value until x’s 
(— (Pair Nat Nat) value is known. 
Nat) 
as 
O Ox) 
(car x))? 
If two expressions have identical * So. 
eliminators at the top and all arguments (car x) 


to the eliminators are the same, then the 
expressions are the same. Neutral 
expressions that are written identically (car x), 

are the same, no matter their type. assuming that x is a (Pair Nat Nat). 


is indeed the same Nat as 
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The Commandment of 
Neutral Expressions 


Neutral expressions that are written identically are the 
same, no matter their type. 


Is What does having more expressions after 
(\ (ad) the + mean? 


(cons a d)) 
an 


(— Atom Atom 
(Pair Atom Atom))? 


The expressions after an +, except the = Okay, then, 
lastt one, are the types of the arguments. (\ (ad) 
The last one is the value’s type. (cons a d)) 


is an 
(— Atom Atom 
(Pair Atom Atom)). 


+The last one is preceded by a pause when pro- These expressions are certainly getting 
nounced, long. 


Mu 


One way to shorten them is the careful Good idea. 
use of define, as in frame 1:77, which 
allows short names for long expressions. 
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Suppose that the constructor cons is 
applied to 'celery and ‘carrot. We can 
refer to that value as vegetables. 


(claim vegetables 
(Pair Atom Atom)) 
(define vegetables 
(cons 'celery ‘carrot)) 


From now on, whenever the name 
vegetables is used, it is the same 


(Pair Atom Atom) 
as 
(cons 'celery 'carrot), 
because that is how vegetables is defined. 


* Why does it say 


(Pair Atom Atom) 
after claim? 


Following 


if 

expr is an X, 
then 

name is an X 
and 


The Law and Commandment of define 


(claim name X) and (define name expr), 


name is the same X as expr. 
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(Pair Atom Atom) describes how we can 
use vegetables—we know that 
(car vegetables) is an Atom, and also that 
(cons 'onion vegetables) is a 
(Pair Atom 
(Pair Atom Atom)).f 


They are a good start for lentil soup, too. 


Ah, that. makes sense. 


aT 


Is 
vegetables 
the same 
(Pair Atom Atom) 
as 
(cons (car vegetables) 
(cdr vegetables))? 
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In fact, whenever 
pis a (Pair Atom Atom), 
then 
p is the same 
(Pair Atom Atom) 
a 
(cons (car p) (cdr p)). 


Finding the values of (car p) and (cdr p) 
is not necessary. 


Yes, because the value of each expression 
is a pair whose car is 'celery and whose 
cdr is 'carrot. 


That seems reasonable. 


The Second Commandment of cons 
If p is a (Pair A D), then it is the same (Pair A D) as 


(cons (car p) (cdr p)). 
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Is this definition allowed? What? 


| (claim five i 
' Nat) 1 
| (define five i 


' (+ 7 2)) 


It is allowed, even though it is probably “ Tt must be 10 because five plus 5 is ten. 
a foolish idea. 


What would be the normal form of 
(+ five 5)? 


4 


Try again. Remember the strange ... Oh, right, it would be 14 if five were 
definition of five... defined to be 9. 
That's right “Is this definition allowed? It doesn’t 


seem particularly foolish. 


i 
' 

| Nat) 
| (define zero 
' 


It is not as foolish as defining five to re Okay. 
mean 9, but it is also not allowed. 


Names that are already used, whether 
for constructors, eliminators, or previous 
definitions, are not suitable for use with 
claim or define. 
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Names in Definitions 


In Pie, only names that are not already used, whether 
for constructors, eliminators, or previous definitions, can 
be used with claim or define. 


There is an eliminator for Nat that can“ How does which-Nat tell which of the two 
distinguish between Nats whose values kinds of Nats it has? 

are zero and Nats whose values have 

add1 at the top. This eliminator is called 


which-Nat. 
A which-Nat-expression has three "So which-Nat both checks whether a 
arguments: target, base, and step: number is zero and removes the add1 
(which-Nat target from the top when the number is not 
base , zero. 
step). 


which-Nat checks whether 

target is zero. 
If so, 

the value of the which-Nat-expression 
is 

the value of base. 
Otherwise, if 

target is (add1 n), 
then 

the value of the which-Nat-expression 
is 


the value of (step n). 
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Indeed. 


What is the normal form of 
(which-Nat zero 
"naught 
(d (n) 


'more))? 


The dimness indicates that 1 is not used 
in the body of the \-expression. Unused 
names are written dimly. 


It must be 'naught because the target, 
zero, is zero, so the value of the 
which-Nat-expression is base, which is 
‘naught. 


Why is n written dimly? 


fs Why isn’t it used? 


which-Nat offers the possibility of using 
the smaller Nat, but it does not demand 
that it be used. But to offer this 
possibility, which-Nat’s last argument 
must accept a Nat. 


Okay. 


Dim Names 


Unused names are written dimly, but they do need to be 


there. 


What is the value of 


(which-Nat 4 
"naught 


(x (n) 


'more))? 


It must be 'more because 4 is another 
way of writing (add1 3), which has add1 
at the top. The normal form of 


(Q (n) 


‘more) 
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The Law of which-Nat 


If target is a Nat, base is an X, and step is an 


then 
(which-Nat target 
base 
step) 
is an X. 


The First Commandment of which-Nat 
If (which-Nat zero 
base 


step) 
is an X, then it is the same X as base. 


The Second Commandment of which-Nat 
If (which-Nat (add1 7) 
base 


step) 
is an X, then it is the same X as (step n). 
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What is the normal form of 


(which-Nat 5 
0 
(A (n) 
(+ 6 n)))? 


50 


Is it 11 because 
( (n) 
(+6 n)) 
5) 
is 11? 


The normal form is 10 because the value 
of a which-Nat expression is determined 
by the Nat tucked under the target as an 
argument to the step. 


‘ Ah, so the normal form is 10 because 
(Q (n) 
(+ 6 n)) 
4) 
is 10. 


Define a function called gauss! such that 


The sum of Nats is a Nat. 


(gauss n) is the sum of the Nats from (claim gauss 
zero to n. (— Nat 
What is the type of gauss? Nat) 
+ Carl Friedrich Gauss (1777-1855), according to 

folklore, figured out that 0+---+n = * 3 
he was in primary school and was asked to sum a 
long series. 

* BS < 
Right. How? 


Now define it. 


The first step is to choose an example 
argument. Good choices are somewhere 
between 5 and 10—they're big enough to 
be interesting, but small enough to be 
manageable. 


* How about 5, then? 
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Sounds good. 


What should the normal form of 
(gauss 5) 
be? 


The next step is to shrink the argument. 


(gauss 4), which is 10, is almost 
(gauss 5), which is 15. 


A white box around a gray box contains 
unknown code that wraps a known 
expression. What should be in this white 
box to get 


(gauss 5) 
from 
(gauss 4)? 


(gauss 4) | 


Next, make it work for any Nat that has 
add1 at the top. 


If nis a Nat, then what should be in the 
box to get 


(gauss (add1 n)) 
from 
(gauss n)? 


(gauss n) 


Remember that 5 is another way of 
writing (add1 4). 


It should be 0+1+4+2+3-+44+5, which 
is 15. 


5 must be added to (gauss 4), and our 


sum is 15. 


(+5 


” ‘The way to find (gauss (add1 n)) is to 


replace 4 with nin the preceding frame’s 
answer. 


(+ (add1 n) ) | 


What about zero? 
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What is (gauss zero)? 


Now define gauss. 


Remember the white and gray boxes. 


58 


Clearly it is 0. 


Piece of cake! The name, n-1, suggests 
that it represents a Nat that is tucked 
under (or one less than) n. 


1 
1 O(n) ' 
u (which-Nat n | 
; 2 
f (A (1-1) } 
i) 
i (+ (addi n-1) | (gauss n-1)|)})))) ' 
\ 
Acoso Se Saal 

Nice try, and it would deserve a solid box a Why not? 

if recursion were an option, but recursion 

is not an option. 

Because recursion is not an option. 7 Why not? 


Because recursion is not an option. 


Okay. Please explain why recursion is 
not an option. 


Recursion is not an option because every 


expression must have a value. Some 
recursive definitions make it possible to 
write expressions that do not have 
values. 


oy 


What is an example of a recursive 
definition and an expression without a 
value? 
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forever is such a definition. 


“ Good question. 


(define forever 
(\ (and-ever) 
(forever and-ever))) 


' 
' 
1 
' 
' 
' 
' 
' 
' 
1 


What is the value of (forever 71)? 


Why does it have a dashed box? 


Recursion is not an option, so recursive 
definitions (like forever) stay dashed 
forever. 


5 


But what about definitions like gauss 
that need recursion? 


There is a safe alternative to recursive 
definitions, This alternative allows gauss, 
along with many similar definitions, to 
be written without including the name 
gauss. 


Here is the start of a safe alternative 
definition of gauss. 


(define gauss 
1 (X (n) 
| gauss is not an option here! |)) 


As far as it goes, it is correct. The point 
is that gauss cannot occur in its own 
definition. 


It is possible to write gauss in Pie, but 
which-Nat and define are not up to the 
task. A different eliminator is needed, 
but the time is not yet ripe. 


Now it is clear what is meant by 
“Recursion is not an option.” 


Does this mean that it is impossible to 
write gauss in Pie? 


68 : 2 ‘ 
Patience is a virtue. 


a9 


It is also possible to define shorter names = What is the claim in this case? 


for expressions such as (Pair Nat Nat). 
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Another good question! 


Expressions such as Atom, Nat, and 
(Pair Atom Nat), are types, and each of 
these types is a U.t 


tu, pronounced “you,” is short for universe, be- 
cause it describes all the types (except for itself). 


” Are types values? 


Some types are values. 


An expression that is a type is a value 
when it has a type constructor at its top. 
So far, we have seen the type 
constructors Nat, Atom, Pair, +, and U. 


™ Are all types values? 


Type Values 


An expression that is described by a type is a value when 
it has a constructor at its top. Similarly, an expression 
that is a type is a value when it has a type constructor 
at its top. 


No. 
(car 
(cons Atom 'prune)) 


is a type, but not a value, because car is 
neither a constructor nor a type 
constructor. 


” Which expressions are described by 


(car 
(cons Atom 'prune))? 
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Because What is the difference between type 
(car constructors and constructors? 


(cons Atom 'prune)) 
and 
Atom 
are the same type, 
(car 
(cons Atom 'prune)) 


describes the same expressions as Atom. 


Type constructors construct types, and “Is (cons Atom Atom) a U? 
constructors (or data constructors) 

construct values that are described by 

those types. 


Judging that an expression is a type 
requires knowing its constructors. But 
the meaning of Y/ is not given by 
knowing all the type constructors, 
because new types can be introduced. 


No, but ” Let's think about (Pair Atom Atom). 


(cons Atom Atom) 
Is 


isa 
(cons Atom Atom) 


(Pair U U). 


An atom, like ‘plum, is an Atom. On the (Pair Atom Atom)? 
other hand, Atom is not an Atom, it’s a 
type described by U4. 


No, it is not, because Atom is a type, not * Is Ual? 
an Atom. 
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No, but Y is a type. No expression can "Is every expression that is a U also a 
be its own type.t type? 


tIt would be possible for U to be a Uy, and 
U1 to be a Wa, and so forth. Thank you, Bertrand 
Russell (1872-1970), and thanks, Jean-Yves Gi- 
rard (1947—). Here, a single / is enough because 
U is not described by a type. 


Yes, if X is a U, then X is a type. “Is every type described by U? 


Every U Is a Type 


Every expression described by U/ is a type, but not every 
type is described by U/. 


Every expression described by U is a Is 
type, but not every expression that is a (cons Atom Nat) 
type is described by UW. é 

(Pair UU)? 
Yes, it is. ” ‘That must be 
Define Pear to mean the type of pairs of (claim Pear 


Nats. U) 
(define Pear 
(Pair Nat Nat)) 


From now on, the meaning of Pear is 
(Pair Nat Nat). 


The name has only four characters, but 
the type has fourteen. 
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Is Pear the same type as (Pair Nat Nat), 
everywhere that it occurs? 
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Yes, by the Commandment of define. 


Is (cons 3 5) a Pear? 
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Yes, because 
(cons 3 5) 
isa 
(Pair Nat Nat), 
and 
Pear 
is defined to be precisely that type. 


That's a good point. 


No. Names defined with define are 
neither type constructors nor 
constructors. Thus, they are not values. 


Is there an eliminator for Pear? 


Yes. 


An eliminator for Pear must allow the 
information in values with type Pear to 
be used. 


83 
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Is Pear a value? 


Does that mean an eliminator that takes 
apart values of type Pear? 


What does it mean to allow the 
information to be used? 


An eliminator for Pear that allows the 
information in any Pear to be used is one 
that applies a function to the two Nat 
arguments in the Pear. 


Which functions can be applied to two 
Nats as arguments? 


Okay. 


7 , 
Here's one: +. 
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What about an expression that How about 
exchanges the Nats? (s (ad) 


(cons d a))? 


Very good. What about an expression ” ‘That must be 


that extracts the first Nat from a Pear? (d (ad) 
a). 
Very close. Actually, it would be me Okay. But the expression is correct 
( (a a) except for dimness, right? 
a). 


Indeed. To get a value of type Xt from a "Tt takes two Nats and produces a Nat, so 


Pear, one must have an expression of it must be 
type (— Nat Nat 
(— Nat Nat Nat). 
X). 


What type does + have? 


+X can be any type at all. 


That's right. Clearly it must be 
What would be the type of se sa ue 
Q (ad) which is the same as 
(cons d a)), 
(— Nat Nat 


a? 
when both a and d are Nats? (Pair Nat Nat)). 
How can a 

d-expression 
be used with a 
Pear? 


Doin’ What Comes Naturally 57 


Definitions Are Unnecessary 


Everything can be done without definitions, but they do 


improve understanding. 


Try this: 


claim Pear-maker 
u) 
define Pear-maker 
(— Nat Nat 
Pear)) 


claim elim-Pear 
(—> Pear Pear-maker 
Pear)) 
define elim-Pear 
(\ (pear maker) 


(maker (car pear) (cdr pear)))) 


Is there a way to write the claim of 
elim-Pear without using Pear or 
Pear-maker? 


When are definitions necessary? 


That's right. elim-Pear is the same as the 
d-expression that is its definition. 


What is the value of 
(elim-Pear 
(cons 3 17) 
(a (ad) 
(cons d a)))? 
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ou 


Yes, by replacing Pear-maker and both 
Pears with their respective definitions. 


| (— (Pair Nat Nat) ' 
i (> Nat Nat ' 
(Pair Nat Nat)) ' 
| (Pair Nat Nat))) ' 


The names Pear and Pear-maker were 
never necessary. Is the name elim-Pear 
necessary? 


Never! 


” How about 


((\ (pear maker) 

(maker (car pear) (cdr pear))) 
(cons 3 17) 
(\ (a d) 

(cons d a)))? 


Chapter 2 


That's a good start. But it is not yet a 
value. 


” The value is (cons 17 3). 


Because elim-Pear means the same thing 
as the \-expression in its definition, 
(car 
(cons 3 17)) 
is the same Nat as 3, 
(cdr 
(cons 3 17)) 
is the same Nat as 17, and 
((\ (ad) 
(cons d a)) 
3 17) 


is the same Pear as 
(cons 17 3). 


What does it mean to add two pears? 


7 


Is it just adding the first and second 
Nats of each pear? 


Good guess. 


What type does this pearwise addition 
have? 


How can pearwise addition be defined 
using elim-Pear? 


The type is 


(— Pear Pear 
Pear), 


right? 


That’s pretty hard. 


Won't it be necessary to eliminate both 
pears because both of their Nats are part 
of the result? 
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Indeed. First, split anjou and bosc into their 
respective parts, then add their first 


Define pearwise+, so that evisrand thetripegond pants. 
ise 
ag ee 5% (claim pearwise+ 
(cons 7 6)) (—> Pear Pear 


Pear)) 
(define pearwise+ 
(\ (anjou bosc) 
(elim-Pear anjou 
( (ar di) 
(elim-Pear bosc 
(¥ (a2 d2) 
(cons 
(+ a; a2) 


(+ di d2)))))))) 


is the same Pear as 
(cons 10 14). 


It might be a good idea to take a break, a Yes, that does seem like a good idea. 
then come back and re-read this chapter. 
But how can we ever get to chapter 3? 


By getting to chapter 3. "It’s a good thing recursion is not an 
option. 


Go eat two tacos de nopales 
but look out for the spines. 
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This page is intentionally left blank. 


Recursion can be subtle. Apologies to Guy L. Steele Jr., whose thesis inspired this joke. 
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It’s time to play with Pie. 


While pie is indeed a delicious food, Pie 
is a language, and a little playing around 
with it won’t hurt. 


Using Pie is very much like a 
conversation: it accepts claims, 
definitions, and expressions and it replies 
with feedback. 


Isn’t it impolite to play with your food? 


Let’s get started. 


What sort of feedback? 


For claims and definitions, the feedback 
is whether they are meaningful. For 
expressions, the feedback is also the 
expression’s type and normal form. 


What if they are not meaningful? 


Pie explains what is wrong with them, 
and sometimes adds a helpful hint. 


Eat your vegetables before the Pie. 


Try typing 
‘spinach 
and see what happens. 


* What might be wrong with an 


expression? 


Pie responds with 
(the Atom 'spinach). 
What does the mean here? 


It means that ‘spinach is an Atom. 


In Pie, an expression must either be a 
type or be described by a type. Pie can 
find the types of many expressions on its 
own, including atoms. 


A Forkful of Pie 


What about 
(car 'spinach)? 
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That expression is not described by a * Can Pie always determine the type that 
type because "spinach is not a pair. describes an expression? 


No, sometimes Pie needs help. For example? 


In that case, use a the-expression! to tell 
Pie which type is intended. 


tthe-expressions are also referred to as type an- 


notations. 
Pie cannot determine the type of a % Why not? Isn’t it obvious that 
cons-expression that stands alone. (cons ‘spinach 'cauliflower) 
isa 
(Pair Atom Atom)? 
It is obvious to us, but later, cons = How, then, can Pie determine that 
becomes more magnificent, and that (cons "spinach cauliflower) 
increased power means that the type leanne 
cannot be determined automatically. eee 
Try this: * Soa the-expression associates an 
(the (Pair Atom Atom) expression with its type, both in Pie’s 
(cons ‘spinach 'caulifiower)). feedback and in the expressions we write. 


The Law of the 


If X is a type and ¢ is an X, then 
(the X e) 
is an X. 
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There are two kinds of expressions in 
Pie: those for which Pie can determine a 
type on its own, and those for which Pie 
needs our help. 


* Are there other ways to help Pie with 
types? 


Yes. In chapter 1, claim is required before ° 


its associated define, which tells Pie what 
type to use for the definition’s meaning. 


Why not just use claim and define every 
time Pie can’t determine the type of an 
expression? 


That would work, but keeping all the 
names straight might be exhausting. 


Are there any other ways to help Pie find 


a type? 


There is one more way. If an expression 
is used somewhere where only one type 
makes sense, then that type is used. 


While checking that 
(the (Pair Atom 
(Pair Atom Atom)) 
(cons ‘spinach 
(cons 'kale 'caulifiower))) 


is described by a type, Pie uses 
(Pair Atom Atom) 

as a type for 
(cons 'kale 'caulifiower). 


No. 


The value of 
(the X e) 


is the value of e. 


What is an example of this? 


Here, the inner cons doesn’t need a the 
because its type is coming from the outer 
cons’s type. 


Are expressions with the at the top 
values? 


18 
So what is the value of 


(car 
(the (Pair Atom Nat) 
(cons "brussels-sprout 4)))? 


A Forkful of Pie 
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The Commandment of the 
If X is a type and ¢ is an X, then 


(the X e) 
is the same X as e. 


The value is one little round 
"brussels-sprout. 


Now try this: 
U 


19 . 
Pie said: 


U 
Why wasn’t it 
(the U U)? 


U is a type, but it does not have a type. 
This is because no expression can be its 
own type, as seen in the note in 

frame 2:77. 


When an expression is a type, but does 
not have a type, Pie replies with just its 
normal form. 


20 


Are there any other types that don’t 
have the type U? 


Yes. (Pair UU), (Pair Atom U/), and 
(3 uUu 
u) 
are all types that do not have U as their 
type. 


This is enough for now. There’s time for 
more Pie later. 


Have fun playing. 


a 


Are there any other aspects of Pie that 
would be good to know? 


What’s the next step? 


Sounds like a plan! 
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A Forkful of Pie 


Eat your vegetables 
and enjoy your Pie. 
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Here is the dashed definition of gauss 
from frame 2:59. 


| (define gauss 
(A (n) 

\ (which-Nat 1 

' i) 

H (\ (nL) 

(+ (addi n-1) (gauss n-1)))))) 


Now, it is time to define gauss properly, 


without explicit recursion. 


Does that mean that we are about to 
define gauss like this? 


(define gauss 1 
1 (d(n) 


[-wfthout gauss bere?) 


Why are recursive definitions not an 
option? 


Exactly. 


But some recursive definitions always 
yield a value. 


2 . 
Because they are not an option. 


Like gauss, right? 


That’s right. 


What is the normal form of (gauss 0)? 


It is zero. 


What is the value of (gauss 1)? 


Eliminate All Natural Numbers! 


" Tt is 1 because 


1. | (gauss (add1 zero)) is the same as 
-| (+ 1 (gauss zero)) is the same ast 


3. |(add1 (gauss zero)) 


tWhen expressions are vertically aligned with a 
bar to their left, assume that “is the same as” follows 
all but the last one. This kind of chart is called a 
“same as” chart. 
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Is that the value? Is there more to do? 


3. | (add1 (gauss zero) ) 
4.|(add1 zero) 


Sameness 


If a “same as” chart could show that two expressions are 
the same, then this fact can be used anywhere without 
further justification. “Same As” charts are only to help 
build understanding. 


Actually, Oh, because it has the constructor add1 
(addi (gauss zero)) at the top. 
is already a value. Why? 


Exactly. It is (add1 zero). 


What is the normal form of (gauss 1)? 


Why does (gauss 2) have a normal form? " Because (gauss 2)’s normal form relies 
only on the normal form of (gauss 1), 
which has a normal form, and the 
normal form of +. 


Does + have a normal form? 


10 


+ does, once it’s defined. Assume that + All right. 
does, for now. 
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Why does (gauss 3) have a normal form? 


Why does (gauss (add1 k)) have a 
normal form for any Nat k? 


A function that assigns a value to every 
possible argument is called a total 
function. 


Both + and gauss are total. 


u 


13 


Because (gauss 3)’s normal form relies 
only on the normal form of (gauss 2), 
which has a normal form, and the 
normal form of +. For now, we're 
assuming + has a normal form. 


Because 
(gauss (add1 k))’s normal form 
relies only on 


(gauss k)’s normal form, k's value, and 
the normal form of +. 


k’s value must either be zero or have 
addi at the top. We already know that 


(gauss 0) has a normal form, 
and we just checked that 


(gauss (add1 k)) has a normal form for 
any Nat k. 


Are there any functions that aren’t 
total? 


Total Function 


A function that always assigns a value to every possible 
argument is called a total function. 


Eliminate All Natural Numbers! 


71 


Not here. In Pie, all functions are total.t 


What is an eliminator? 


Because all functions are total, the order in 
which subexpressions are evaluated does not matter. 
If some functions were not total, then the order of 
evaluation would matter because it would determine 
whether or not functions were applied to the argu- 
ments for which they did not have values. 


What does it mean to take apart a Nat? 


“An eliminator takes apart values built by 


constructors. 


* Doesn't which-Nat take apart a Nat? 


This means that which-Nat is an 
eliminator for Nat. But Nats that have 
add1 at the top have a smaller Nat 
tucked under, and which-Nat does not 
eliminate the smaller Nat. 


One way to eliminate the smaller Nat is 
with iter-Nat. 


" Ts there a way to eliminate the smaller 


Nat? 


What is iter-Nat? 


An iter-Nat-expression looks like this: 
(iter-Nat target 
base 
step). 
Like which-Nat, when target is zero, the 
value of the iter-Nat-expression is the 
value of base. 


How is iter-Nat unlike which-Nat? 


Unlike which-Nat, when target is 
(add1 n), the value of the 
iter-Nat-expression is the value of 
(step 
(iter-Nat n 
base 


step)). 


So each add1 in the value of target is 
replaced by a step, and the zero is 
replaced by base. 
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The Law of iter-Nat 


If target is a Nat, base is an X, and step is an 


then 
(iter-Nat target 
base 
step) 
is an X. 


The First Commandment of iter-Nat 


If (iter-Nat zero 
base 


step) 
is an X, then it is the same X as base. 


The Second Commandment of iter-Nat 


If (iter-Nat (add1 7) 
base 
step) 
is an X, then it is the same X as 
(step 
(iter-Nat n 
base 


step)). 


Eliminate All Natural Numbers! 
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That’s right. 


What is the normal form of 
(iter-Nat 5 
g 
(\ (smaller) 
(add1 smaller)))? 


Is the iter-Nat-expression’s type the same * 


as base’s type? 


Let’s use X as a name for base’s type. 


What is step’s type? 


” Tt is 8 because add1 applied five times 
successively to 3 is 8: 
(add1 
(add1 
(add1 
(add1 
(add1 3))))). 


It must be, because the value of the 
iter-Nat-expression is the value of base 
when target is zero. 


= step is applied to base, and it is also 
applied to an almost-answer built by 
step. So step must be an 
(9 xX 
X). 


Just as with which-Nat in frame 2:45, the 


® ‘The target is 


names target, base, and step are 5, 
convenient ways to refer to iter-Nat’s é 
The base is 
arguments. 5 
What are the target, base, and step in and the step is 
this iter-Nat-expression? 0 (kK) 
(iter-Nat 5 (add1 k)). 
3 
(> (k) 
(add1 k))) 
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Thus far, we have referred to + as if it 
were completely understood, and 
assumed that it has a normal form, but 
there is no definition for +. 


What should +’s type be? 


That’s right. 


If recursion were an option, then this 
would be a proper definition. 


(define + 


(s (mJ) 
(which-Nat n 


How can + be defined with iter-Nat? 


The step is based on the wrapper box in 
the recursive version of +. It describes 
how to change an almost-answer, +), 
into an answer. 


Replace the gray box (which contains the 
recursion) with the argument to the step 
as the almost-answer. Remember the 
white box. 


Eliminate All Natural Numbers! 


+ takes two Nats and returns a Nat. 


(claim + 
(—> Nat Nat 
Nat)) 


Defining + using iter-Nat requires a base 
and a step. The base is j because of this 
“same as” chart: 


1.| (+ zero /) 
217 
Is there a good way to find the step? 


” Here goes. 

(claim step-+ 
(—> Nat 
Nat)) 

(define step-+ 

(X (+n) 

(add1 


es) )) 
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We can’t define a new name unless all 
the names in both the type and the 
definition are already defined.t 


TIE definitions could refer to each other, then 
we could not guarantee that every defined function 
would be a total function. 


Yes, + is now defined. 


What is (+ (addi zero) 7)? 


Can iter-Nat be used to define gauss? 


” And + refers to step-+, which is now 


defined. This definition deserves a solid 
box! 


(define + 
(d (nj) 
(iter-Nat n 
J 
step-+))) 


” It is 8 because 


1. | (+ (addi zero) 7) 
2. | (iter-Nat (add1 zero) 
7 
step-+) 
3. | (step-+ 
(iter-Nat zero 
7 
step-+)) 
4. | (add1 
(iter-Nat zero 
¢ 
step-+)) 
5.| (add 7), 


which is 8. 
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iter-Nat shows a way to repeatedly 
eliminate the smaller Nat tucked under 
an add1. 


Eliminating the smaller Nat ... this 
sounds like the approach that gauss 
follows. 
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Close, but the step doesn’t have enough 
information. gauss needs an eliminator 
that combines the expressiveness of both 
which-Nat and iter-Nat. This eliminator 
is called rec-Nat. 


30 


What is rec-Nat? 


The step for rec-Nat is applied to two 
arguments: the smaller Nat tucked under 
the add1, and the recursive answer on the 
smaller Nat. This is the approach used in 
the definition of gauss in frame 2:59. 


This is the rec-Nat pattern.t 


t'The rec-Nat pattern is also referred to as primi- 
tive recursion. Thank you, Rézsa Péter (1905-1977), 
Wilhelm Ackermann (1896-1962), Gabriel Sudan 
(1899-1977), and David Hilbert (1862-1943). 
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How can gauss be defined using rec-Nat? 


In this frame, there are two definitions of 
gauss: the dashed box from frame 2:59 
and a version using rec-Nat. 


What are the differences? 


| (define gauss 
(X (n) 
(which-Nat n 
0 
QA (n-) 


(+ (add1 n-t) 


/ (define gauss 

1 (A (n) 

t (rec-Nat n 

} 0 

1X (rel gauss) 
' 
1 
1 


(+ (add1 1-1) | gauss,, |) 
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There are three differences: 
1. which-Nat is replaced by rec-Nat, 


2. the inner \-expression has one 
more variable, gauss,;, and 


3. the recursion (gauss n-l) is replaced 
by the almost-answer gauss,,). 


Eliminate All Natural Numbers! 
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The names n-1 and gauss,; are chosen to 
be suggestive of what they mean, but 
they are just variable names. 


The arguments to rec-Nat have the same 
special names as iter-Nat: they are 
always called target, base, and step. 


As with iter-Nat, if the target is zero, 
then the value of the rec-Nat-expression 
is the value of the base. 


as 
How can we determine the values of 


rec-Nat-expressions? 


What about when the target has add1 at 
the top? 


which-Nat applies its step to the smaller 
Nat tucked under the add1. 


iter-Nat applies its step to an 
iter-Nat-expression with the same base 
and step, but with the smaller Nat 
tucked under add1 as the new target. 


How could these be combined? 


36 2 
Here is a guess. 


The step is applied to the smaller Nat. 
The step is, however, also applied to a 
rec-Nat-expression with the same base 
and step, but with that very same 
smaller Nat as the target. 


Good guess. When rec-Nat is used with 
a non-zero Nat as the target, the target 
shrinks by removing an add1 each time. 
Once again, the base and step do not 
change. 


What is the value of 


(rec-Nat (add1 zero) 
0 
(X (n-l almost) 
(add1 
(addi almost))))? 


” Tt is the step applied to zero and the new 


rec-Nat expression. That is, 


((X (n-l almost) 
(add1 
(add1 almost))) 
zero 
(rec-Nat zero 
0 
(\ (n-l almost) 
(addi 
(add1 almost))))). 
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The resulting expression in the preceding ” Tt is 


frame is not a value, but it is the same (add 
as the original one. (add1 
-Nat 
What is the value? ~ sli 
(X (n-l almost) 
(add1 


(add1 almost)))))), 


which is a value because it has add1 at 
the top. 


What is its normal form? * It is 


(add 
(addi 0)). 


The target is zero and the base is 0. 


A rec-Nat-expression is an expression What type should the base and step 
only if the target is a Nat. have? 
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The base must have some type. Let’s call —_Is that all? 
it X, again. X can be any type, but the 
rec-Nat-expression has the same type as 

the base—namely X. 


No. The step is applied to two arguments: 
the first is a Nat because it is tucked 
If the base is an X, then the step must under an add1 in a target. The second 
be an argument is almost. almost is an X 
(> Nat X because almost is also built by rec-Nat. 
X). 


Why is this the right type for the step? 
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How does this relate to the step’s type in . 


which-Nat and iter-Nat? 


Like which-Nat, rec-Nat’s step accepts 
the smaller Nat tucked under the target’s 
add1. Like iter-Nat, it also accepts the 
recursive almost-answer. 


Here is a function that checks whether a 
Nat is zero. 


(claim step-zerop 
(— Nat Atom 
Atom)) 
(define step-zerop 
(A (n-l zerop,1) 
‘nil)) 


(claim zerop 
(—> Nat 
Atom)) 
(define zerop 
(a (n) 
(rec-Nat n 
3 
step-zerop)))! 


We use 't and 'nil as two arbitrary values. This 
may be familiar to Lispers (Thank you, John Mc- 
Carthy (1927-2011)), but zerop is called zero? in 
Scheme (Thanks, Gerald J. Sussman (1947—) and 
Guy L Steele (1954-)), 


7 F Z 
Why use rec-Nat, which is recursive, to 


define something that only needs to 
determine whether the top constructor is 
zero or add1? After all, which-Nat would 
have been good enough. 


which-Nat is easy to explain, but rec-Nat 
can do anything that which-Nat (and 
iter-Nat) can do. 


Why are the A-variables in step-zerop 
called n-1 and zerop,;? 
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4 . : 
The name n-l is once again chosen to 


suggest one less than n because it is one 
less than the target Nat, that is, the Nat 
expression being eliminated. The name 

zerop,, suggests (zerop n-1). 
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The step is merely a \-expression, so any 
other unused variable names would work, 
but this style of naming variables in 
steps is used frequently. 


Both arguments to step-zerop are 
unused, which is why they are dim. 
Thus, the definition only seems to be 
recursive; in fact, it is not. 


” What is the point of a \-expression that 
does not use its arguments? 


The step used with rec-Nat always takes 
two arguments, though it need not 
always use them. 


What is the value of (zerop 37)? 


“ Let's see. 
1. | (zerop (add1 36)) 


2. | (rec-Nat (add1 36) 
' 
t 
step-zerop) 
3. | (step-zerop 36 
(rec-Nat 36 
"t 
step-zerop) ) 
4.} "nil 


The value is determined immediately. 
The value for 36, which is (add1 35), is 
not necessary, so there’s no reason to 
find it. 


We need not evaluate expressions until 
their values actually become necessary. 
Otherwise, it would take a lot of work to 
evaluate the argument to step-zerop 
(rec-Nat 36 

"t 

step-zerop), 
so the “same as” chart would have at 
least 105 more lines. 


iv : * . . 
Sometimes laziness is a virtue. 
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Is (zerop 37) the same as (zerop 23)? * Yes indeed. 


1.] "nil 
2. | (step-zerop 22 
(rec-Nat 22 
't 
step-zerop) ) 
3. | (rec-Nat (add1 22) 
' 
t 
step-zerop) 
4. | (zerop (add1 22)) 


Here is the step for gauss. ‘This definition uses the naming 


convention from frame 44. 


(claim step-gauss 
(— Nat Nat 
Nat)) 
(define step-gauss 
(\ (n-l gauss,,;) 
(+ (add1 n-1) gauss,,))) 


Yes, it does. ” The explicit type does make it easier to 


read and understand the definition. 
Another advantage of defining a step is 


that its type is written explicitly, rather 
than implied by its use in rec-Nat. 
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)-variables in a step like zerop,, and Okay. 
gauss,,; are almost the answer, in the 
sense of frame 2:56. What is the solid-box definition of gauss? 
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Here it is. 


(define gauss 
(» (n) 
(rec-Nat n 
0 


step-gauss)) ) 


What is the base? 


- The base is the second argument to 
rec-Nat. In this case, it is 0, which is a 


Nat. 


What is the step? 


Indeed it is. 


It is O because 
(rec-Nat zero 

0 
step-gauss) 


is the same as the second argument to 
rec-Nat, which is 0. 


Here is a start for finding the value of 
(gauss (add1 zero)). 


1. | (gauss (add1 zero)) 


2. | (step-gauss zero 
(rec-Nat zero 
0 
step-gauss)) 
3. | (+ (add1 zero) 
(rec-Nat zero 
0 
step-gauss)) 
Now finish finding the value. 


It is step-gauss. 


What is (gauss zero) using this 


definition? 
Here we go. 
4. | (iter-Nat (add1 zero) > 
(rec-Nat zero 
0 
step-gauss) 
step-+) 
5. | (step-+ 


(iter-Nat zero 
(rec-Nat zero 
0 
step-gauss) 
step-+)) 


- | (add 


(iter-Nat zero 
(rec-Nat zero 
0 
step-gauss) 
step-+)), 


which is a value because it has add1 at 
the top. 
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Is that value normal? No, but this chart finds its normal form. 


7. | (add 
(rec-Nat zero 
0 
step-gauss) ) 
8.|(add1 0), 


which is indeed normal. 
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Why is rec-Nat always safe to use? That’s a good question. 


When the target has add1 at its top, 
then rec-Nat is recursive. If recursion is 
not an option, why is this acceptable? 


If the step does not rely on the How do we know that? 
almost-answer, as in frame 43, then a 

value has already been reached. If the 

step does rely on the almost-answer, 

then the recursion is guaranteed to reach 

the base, which is always a value or an 

expression that becomes a value. 


Because every target Nat is the same as ” How do we know that 7 is smaller? 
either zero or (add1 n), where nis a 
smaller Nat. 


The only way that it could be the same ” io why can’t we use this style of 

or larger is if the target Nat were built reasoning for any recursive definition? 
from infinitely many addls. But because 

every function is total, there is no way to 

do this. Likewise, no step can fail to be 

total, because here all functions are 

total, and each step applies a function. 
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This style of reasoning cannot be “Are there more interesting examples of 
expressed with our tools. But once we definitions using rec-Nat? 

are convinced that rec-Nat with a total 

step is a way to eliminate any target Nat, 

we no longer need to reason carefully 

that each new definition is total.’ 


tLoosely speaking: we can't, but even if we were 
able to, it would be exhausting. 


It can be used to define *? to mean "x takes two Nats and their product is a 
multiplication. Nat. So here is %*’s type. 
In other words, if n and j are Nats, then (claim * 

(« nj) (—> Nat Nat 

4 Nat)) 

should be the product of n and /. 

i is pronounced “times.” 
At each step, + adds one to the answer oe adds Jj, its second argument, to the 
so far. What does * do at each step? almost-answer. 


Here is make-step-*, which yields a step “Phat doesn’t look like the preceding 
function for any j. steps. 


: (claim make-step-* 
‘(> Nat 

t (> Nat Nat 

' Nat))) 

| (define make-step-* 
OG) 

' (X (nl a1) 
' 
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No matter what j is, make-step-* * Okay. 

constructs an appropriate step. This step 

takes two arguments because steps used The argument to make-step-* is j, which 

with rec-Nat take two arguments, as in is added to the product at each step. 

step-zerop from frame 46. The base is 0 because multiplying by 
zero is 0. 

Now define x. "define + ' 
1 0s (nJ) 
| (rec-Nat n ' 
0 ' 
(make-step-* j)))) | 

It may look as though make-step-* is ‘That can’t be the same definition. It has 

doing something new. It is a a three-argument \-expression. 


d-expression that produces a new 
d-expression. Instead of this two-step 
process, it is possible to collapse the 
nested \s into a single ). 


(claim step-* 
(—> Nat Nat Nat 
Nat)) 
(define step-* 
(X GU n-l ¥py1) 
(+ J *n1))) 


make-step-« produces a step for any 
given /. And, despite their seeming 
difference, make-step-* and step-* have 
the same definition. 


86 Chapter 3 


prior permission, Violators will be prosecuted. 


In fact, all \-expressions expect exactly 
one argument. 
( (x y 2) 
(+ x (+ 2))) 
is merely a shorter way of writing 
A (x) 
(s () 
(A (2) 
(+ x (+ y z))))). 


It is a shorter way of writing 
(— Nat 
(— Nat 
(— Nat 
Nat))). 


If f is an 


(— Nat Nat Nat 
Nat) 


then 


(fry2) 


is merely a shorter way of writing 


(ff zy) 2), 


which is a shorter way of writing 


(((F 2) y) 2). 


Eliminate All Natural Numbers! 


67 


Does that mean that 
(—> Nat Nat Nat 
Nat) 
is also a shorter way of writing 
something? 


If a function takes three arguments, it is 
possible to apply the function to just one 
of them. 


Is it also possible to apply the function 
to just two arguments? 


Does this mean that every function takes 
exactly one argument? 
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Indeed. Every function takes exactly one a 


argument. 


Defining functions that take multiple 
arguments as nested one-argument. 
functions is called Currying.t 


tThank you, Haskell B. Curry (1900-1982) and 
Moses Ilyich Schénfinkel (1889-1942). 


Here are the first five lines in the chart 
for the normal form of (%* 2 29). 

1. | (# 2 29) 

2. | ((d (nj) 

(rec-Nat n 

0 
(step-* j))) 
2 29) 
3. | (rec-Nat (addi 
(add1 zero)) 

0 
(step-%* 29)) 
4, | ((step-* 29) 
add1 zero) 
(rec-Nat (add1 zero) 
0 
(step-% 29))) 
5. 1((X (n-l p21) 

(+ 29 %*,7)) 
add1 zero) 
rec-Nat (add1 zero) 

0 

(step- 29))) 
Now, find its normal form. 


Now the definition of * deserves a box. 


(define * 
( (mJ) 
(rec-Nat n 
0 


(step-* j)))) 


Even though step-* looks like a 
three-argument \-expression, it can be 
given just one argument. rec-Nat expects 
that its step is a function that would get 
exactly two arguments. 


i Ah, Currying is involved. 


6. | (+ 29 
(rec-Nat (add1 zero) 
0 
(step-* 29))) 
- | (+ 29 
((step-* 29) 
zero 
(rec-Nat zero 
0 
(step-* 29)))) 


8.] (+ 29 
(+ 29 
(rec-Nat zero 

0 

(step-% 29)))) 
9. | (4 29 
(+ 29 0)) 
10. |58 


Are any steps left out of this chart? 
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The Law of rec-Nat 


If target is a Nat, base is an X, and step is an 
(— Nat X 
x) 
then 
(rec-Nat target 
base 
step) 
is an X. 


The First Commandment of rec-Nat 


If (rec-Nat zero 
base 


step) 
is an X, then it is the same X as base. 


The Second Commandment of rec-Nat 


If (rec-Nat (add1 n) 
base 
step) 
is an X, then it is the same X as 
(step n 
(rec-Nat n 
base 
step)). 


Eliminate All Natural Numbers! 
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Yes, making (+ 29 0) and the resultant. * ‘Thanks. 


(+ 29 29) normal.t 
a At first, this chart seemed like it would 
tThis chart saves paper, energy, and time. be tedious. 


That’s just right. * This function always returns 0. 


What is a good name for this definition? 


(claim step 


— Nat Nat 
Nat)) 


(define ste, 


X (n-1 almost) 
(*% (add1 1-1) almost))) 


f i 
H H 
' i 
1 1 
(claim [__] 
' (> Nat ! 
, Nat)) : 
| (define ‘ 
+ (A(n) ‘ 
| (rec-Nat n \ 
' 0) H 


step{_]))) 


Very observant. " So these powerful types prevent defining 


five to be 9 as in frame 2:36? 
A shortcoming of types like Nat is that 


they don’t say anything about which Nat 
was intended. Later, we encounter more 
powerful types that allow us to talk 
about particular Nats.* 


t Actually, the definition in frame 73 was sup- 
posed to be factorial. The oversight, however, sur- 
vived unnoticed in more drafts than the authors 
would like to admit. We leave the task of correcting 
it to the reader. 
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Absolutely not. bs Interesting. 


Types do not prevent foolishness like 
defining five to be 9. We can, however, 
write some of our thoughts as types. 


Go eat (+ 2 2) bananas, and rest up. 


Eliminate All Natural Numbers! 
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In frame 2:70, we defined Pear as 


‘(claim Pear 

; U) 

| (define Pear 

| (Pair Nat Nat)) 


Pear’s eliminator was defined using car 
and cdr, 


And... 


What must an eliminator for Pear do? 


An eliminator must expose (or unpack) 
information in a Pear. 


What about Pair’s eliminator? What 
must it do? 


An eliminator for Pair must expose 
information in a Pair. 


That's close. 


As seen in frame 1:22, Pair alone is not 
an expression, however 


(Pair Nat Nat) 


is an expression and it has an eliminator. 


(Pair Nat Atom) 
also has an eliminator. 


Here’s another try: an eliminator for 
(Pair Nat Nat) 

must expose information in a particular 
(Pair Nat Nat), 

and an eliminator for 
(Pair Nat Atom) 

must expose information in a particular 
(Pair Nat Atom). 


But this would imply that there are lots 
of eliminators for Pair, because it is 
always possible to nest them more 
deeply, as in frame 2:36. 


That sounds like lots of names to 
remember. 


Easy as Pie 
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It would be! No matter what? Even if A were 
‘apple-pie? 

As it turns out, there is a better way. It 

is possible to provide an eliminator for 

(Pair A D), no matter what A and D are. 


Okay, not absolutely anything. Whew! What does that eliminator look 
like? 

Based on frame 1:54, (Pair A D) is not a 

type unless A and D are types. That is, 

A must be a type and D must be a type. 


Here’s an example. Why does elim-Pair have so many 
arguments? 


(claim kar 
(— (Pair Nat Nat) 
Nat)) 


(0 (p) 

' (elim-Pair 
1 Nat Nat 
Nat 

' 

' 


Because elim-Pair has not yet been 
defined, the definition of kar is in a 
dashed box, however, nothing else is the 
matter with it. 
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In this definition, efim-Pair has the type 
Nat as its first three arguments. The first 
two specify the types of the car and the 
cdr of the Pair to be eliminated.’ The 
third Nat specifies that the inner 
d-expression results in a Nat. 

tThus, the types of the arguments a and d in 
the inner \-expression are also Nat. 


The inner \-expression describes how to 
use the information in p’s value. That 
information is the car and the cdr of p. 


, 
What does the inner \-expression mean 


Why is d dim? 


? 


The argument name d is dim because it 
is declared in the inner \-expression, but 
it is not used, just as in frame 2:47. 


Now define a similar function kdr that 
finds the cdr of a pair of Nats. 


It’s nearly the same as kar. 


(claim kdr 
(—> (Pair Nat Nat) 
Nat)) 
\(define kKdr 
1 (d (p) 
\ (elim-Pair 
' Nat Nat 
' Nat 
p 
1 (d (a d) 
q)))) 


This time, a is dim because it is not us 


ed 


in the inner }-expression, while d is dark 


because it is used. Because elim-Pair is 
not yet defined, kdr is in a dashed box, 
just like kar. 


Easy as Pie 
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That’s right. 


Write a definition called swap that swaps 
the car and cdr of a (Pair Nat Atom). 


~ Here is swap’s type. 


(claim swap 
(— (Pair Nat Atom) 
(Pair Atom Nat))) 


Now define swap. 


In general, elim-Pair is used like this: 
(elim-Pair 

AD 

xX 

Pp 

f), 
where p is a (Pair A D) and f determines 
the value of the expression from the car 
and the cdr of p. This value must have 
type X. 


What is elim-Pair’s type? 


* And here is swap’s definition. Once 


again, it is in a dashed box, like kar and 
kdr. 


| (define swap 

1 (0 (p) 

\ (elim-Pair 

\ Nat Atom 

' (Pair Atom Nat) 


p 
(d (a d) 
(cons d a))))) 


" Here is a guess. It could be 


(9 AD 
x 
(Pair A D) 
(~ AD 
X) 
Xx) 
because A, D, and X are the first three 
arguments, the fourth argument is a 
(Pair A D), and the fifth argument is a 
maker for X based on an A and a D, 


But what are A, D, and X in that 
expression? 


* Are A, D, and X the first three 


arguments to elim-Pair? 
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Do they refer to types that are already 
defined? 


No. They refer to whatever the 
arguments are, 


Names that occur in an expression must 
refer to either a definition or to an 
argument named by a \. There is clearly 
no ) in that expression, and neither A 
nor D nor X are defined. 


Indeed. 


The thought process makes sense, 
however. Recall what it means to be an 
(? ¥ 
x). 


Are Y and X types? 
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This must mean that the expression in 
frame 14 is not, in fact, a type. 


An 
(--~ Y 
x) 
is a \-expression that, when given a Y, 
results in an X. It can also be an 
expression whose value is such a 
d-expression, right? 


They must be. Otherwise, 
CY 
x) 
would not be a type. 


In the proposed type for elim-Pair, are A, Fe 


D, and X type constructors? 


No, they are not the same kind of 
expression as Nat and Atom, because 
they can be different each time elim-Pair 
is applied, but Nat is always Nat. 


In the proposed type for elim-Pair, are A, 
D, and X names that are defined to 
mean types? 


Easy as Pie 
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No, because again, they can be different 
each time elim-Pair is applied, but once a 
name is defined, it always means the 
same thing. 
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The eliminator must be able to talk 
about any types A, D, and X. 


It can’t, but M1! can. 


tM is pronounced “pie,” and it can optionally be 
written Pi. 


* Tt sounds like —> can’t do the job. 


What does M mean? 


Here’s an example. 


(claim flip 
(1 (A U) 
(D U)) 
(> (Pair A D) 
(Pair D A)))) 
(define flip 
(4 (A D) 
(d (p) 


(cons (cdr p) (car p))))) 


Good question. 


It can. 


What is the value of (flip Nat Atom)? 


Does that mean that a \-expression’s 
type can be a [1-expression? 


If both M and — can describe 
d-expressions, how do they differ? 


' Tt must be the \-expression 
(» (p) 
(cons (cdr p) (car p))) 
because flip is defined to be a 
d-expression and it is applied to two 
arguments, Nat and Atom. 


What is the value of 
((flip Nat Atom) (cons 17 'apple))? 


Tt is 

(cons ‘apple 17), 
which is a 

(Pair Atom Nat). 
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The difference between M and — is in 
the type of an expression in which a 
function is applied to arguments. 


(flip Nat Atom)’s type is 


(— (Pair Nat Atom) 
(Pair Atom Nat)). 


This is because when an expression 
described by a [-expression is applied, 
the argument expressions replace the 
argument names in the body of the 
f-expression. 


* How does the body of a M-expression 
relate to the body of a \-expression? 


Both M-expressions and -expressions 


introduce argument names, and the body 


is where those names can be used. 


In this [-expression, 
(1 ((A U) 
(DU)) 
(— (Pair A D) 

(Pair D A))), 
the argument names are A and D. 
N-expressions can have one or more 
argument names, and these argument 
names can occur in the body of the 
N-expressions. 


29 
What are argument names? 


” What is the body of a N-expression? 


Easy as Pie 
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In this N-expression, ” What do the A and the D refer to in the 
(n ((AU) N-expression’s body? 
(DU)) 
(— (Pair A D) 


(Pair D A))), 
the body is 
(> (Pair A D) 
(Pair D A)). 
It is the type of the body of the 


d-expression that is described by the 
body of the M-expression. 


The Intermediate Law of Application 
Iffisa 
(n ((Y Y)) 
x) 


and Zis aU, then 
(f 2) 


is an X 
where every Y has been consistently replaced by Z. 


The A and the D in the body refer to * Does that mean that the type of 
specific types that are not yet known. (flip Atom (Pair Nat Nat)) 
No matter which two types A and D are 


‘ ‘ is 
arguments to the \-expression that is : 


described by the N-expression, the result (— (Pair Atom 
of applying that \-expression is always (Pair Nat Nat)) 
an (Pair (Pair Nat Nat) 
2 
(+ (Pair A D) ftom)? 
(Pair D A)). 
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That’s right. 


Why is that the case? 


Are 
(11 ((A U) 
(DU)) 
(— (Pair A D) 
(Pair D A))) 
and 
(1 ((Lemon U) 
(Meringue U)) 
(— (Pair Lemon Meringue) 
(Pair Meringue Lemon))) 
the same type? 


Are 
(N ((A U) 
(DU)) 
(— (Pair A D) 
(Pair D A))) 
and 
(1 ((A U) 
(DU)) 
(—> (Pair 
(car 
(cons A D)) 
(cdr 
(cons A D))) 
(Pair D A))) 


the same type? 
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The variables A and D are replaced with 
their respective arguments: Atom and 
(Pair Nat Nat). 


Yes, because consistently renaming 
variables as in frame 2:21 does not 
change the meaning of anything. 


Yes, because 


(car 
(cons A D)) 


and A are the same type, and 


(cdr 
(cons A D)) 


and D are the same type. 


Easy as Pie 
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Could we have defined flip this way? 

‘(claim flip H 
1 (1(AU) b 
i (D U)) ' 
i (— (Pair A D) | 
' (Pair D A)))) H 
| (define flip } 
1 (A(CA) t 
1 0 (p) ' 
' (cons (cdr p) (car p))))) i 


The proposed definition of flip in 
frame 36 is allowed. Like defining five to 
mean 9, however, it is foolish. 


The names in the outer \ need not 
match the names in the M-expression. 
The C in the outer \-expression matches 
the A in the [-expression because they 
are both the first names. The A in the 
outer \-expression matches the D in the 
N-expression because they are both the 
second names. What matters is the order 
in which the arguments are named.t 


What does p in the inner \-expression 
match? 
tEven though it is not wrong to use names that 


do not match, it is confusing. We always use match- 
ing names. 


39 


How can the C and the A in the 
definition in frame 36 be consistently 
renamed to improve the definition? 


Here’s a guess. 


In this definition, the names in the outer 
d-expression are different from the names 
in the [-expression. That seems like it 
should not work. A is in the wrong place, 
and C is neither A nor D. 


Why is it allowed? 


The p matches the (Pair A D) after the 
—-, which gives the inner \-expression’s 
argument type. 


First, the A should be renamed to D. 
Then, the C can be renamed to A. 


Isn’t this the definition in frame 24? 


102 


Chapter 4 


prior permission, Violators will be prosecuted. 


Is it now possible to define a single 


eliminator for Pair? 


© Yes. Shouldn't the type be 


(N (AU) 
(DU) 
(X U)) 
(> (Pair A D) 
(9 AD 
X) 
x))? 


Tt looks a lot like the type in frame 14. 


That's right. 


What is the definition of elim-Pair? 


How about this? 


(claim elim-Pair 
(N (Au) 
(DU) 
(X U)) 
(— (Pair A D) 
(—2AD 
x) 
X))) 
(define elim-Pair 
(\(ADX) 
( (p f) 
(f (car p) (cdr p))))) 


Now kar deserves a solid box. 


And so does kdr. 


(define kar 
(» (p) 
(elim-Pair 
Nat Nat 
Nat 
p 
(A (a d) 
a)))) 


(define kdr 
(» (p) 
(elim-Pair 
Nat Nat 
Nat 
p 
(A (a d) 
q)))) 


Easy as Pie 
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So does swap. 


Even though a [-expression can have 
any number of argument names, it is 
simplest to first describe when a 

one-argument [-expression is a type. 


To bea 
(n ((Y Y)) 
x) 
is to be a \-expression that, when applied 
to a type T, results in an expression with 
the type that is the result of consistently 
replacing every Y in X with T. 


* Right. 


(define swap 
(d (p) 
(elim-Pair 
Nat Atom 
(Pair Atom Nat) 


p 
(A (a d) 
(cons d a))))) 


. Forgetting something? 


It can also be an expression whose value 
is such a )-expression. 


” Tt is important not to forget evaluation. 


Is this a complete description of 
N-expressions? 


No, not yet. 


Based on one-argument [1-expressions, 
what does it mean to be a 
(nN ((Y U) (ZU) 
x)? 


46 


It must mean to be a -expression or an 
expression that evaluates to a 
}-expression that, when applied to two 
types T and S, results in an expression 
whose type is found by consistently 
replacing every Y in X with T and every 
Z in the new X with S. 
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M-expressions can have any number of * How about this one? 
arguments, and they describe (r (A) 
d-expressions that have the same number (d (a) 


of arguments. (cons a a)))? 


What expressions have the type 
(N ((A Y)) 
(OA 
(Pair A A)))? 


ree 
Here is a name for a familiar expression.t _It is 


‘(claim twin-Nat==SSSSsStS*~S~S j poner op 


1 (3 Nat 
: (Pair Nat Nat))) : 
| (define twin-Nat ' 
1 (A (x) ' 
(cons x x))) 1 


What is the value of 
(twin-Nat 5)? 


Ht is familiar from frame 2:19. 


Here is a very similar definition. It is 


‘(claim twin-Atomn = ssSsSs~S 1 (cons 'cherry-pie 'cherry-pie). 


| (— Atom 
(Pair Atom Atom))) 


" What is the matter with these 
' 

| (define twin-Atom 

\ 

1 

' 

' 


definitions? Why don’t they deserve 
' solid boxes? 
(A (x) 


(cons x x))) 


What is the value of 
(twin-Atom 'cherry-pie)? 
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There is nothing specific to Nat or Atom ” Here is the general-purpose twin. 


about (aan .tw 
claim twin 
Ot (n((Y w) 
(cons a a)). (3 Y 
Instead of writing a new definition for (Pair Y Y)))) 
each type, I can be used to build a (define twin 
general-purpose twin that works for any (d (Y) 
type. © 6) 
(cons x x)))) 
What is the value of (twin Atom)? "(twin Atom) is 
(d (x) 
(cons x x)). 
What is (twin Atom)’s type? ~ Consistently replacing every Y in 
-Y 
(Pair Y Y)) 
with Atom results in 
(— Atom 
(Pair Atom Atom)). 
What is the relationship between ” twin-Atom’s type and (twin Atom)’s type 
twin-Atom’s type and (twin Atom)’s are the same type. 
type? 
Next, define twin-Atom using the * Tt can be done using the technique from 
general-purpose twin. frame 27. 
(claim twin-Atom (define twin-Atom 
(—> Atom (twin Atom)) 
(Pair Atom Atom))) 
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Is . Yes, and its value, but also its normal 
(twin-Atom 'cherry-pie) form is 

the same (cons 'cherry-pie 'cherry-pie). 
(Pair Atom Atom) 


There’s twice as much for dessert! 
as 


((twin Atom) 'cherry-pie)? 


Now go to your favorite confectionary shop 
and share a delicious cherry II. 


Ceci n’est pas une serviette! 


}Thank you, René Francois Ghislain Magritte (1898-1967). 
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How was that 1? * Delicious. A napkin would have made 
eating less messy, though. 


Before we begin, have you * ‘That's quite the list of expectations. 
e cooked ratatouille, 
e eaten two pieces of cherry pie, 


e tried to clean up with a picture of 
a napkin, 


e understood rec-Nat, and 


e slept until well-rested? 


. 3 ss cee . : 
Yes, but they’re great expectations. This is confusing in these ways: 


(claim expectations e :: has not yet been described, 
(List Atom)) 
(define expectations 
(2: "cooked 
(:: "eaten e the atom 'nil has been used as part 


(:: 'tried-cleaning of step-zerop. 
(:: 'understood 


e the type constructor List has not 
been described, and 


(:: "slept nil)))))) 
Is 'nil the same as nil in frame 3? : No, it isn’t, because the nil in frame 3 is 
not an Atom—it does not begin with a 
tick mark. 


Is nil an expression? 


List is a type constructor. If Z is a type, * What does it mean to be a (List E), 
then (List B)! is a type. then? 


TPronounced “list of entries of type Z.” or simply 


“list of B.” 
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The Law of List 


If E is a type, 
then (List £) is a type. 


Is nil a (List Atom)? 


Yes, nil is a (List Atom). 


Is nil a (List Nat)? 


nil looks like it plays the role of the 
empty list in frame 3. 


Not likely, because nil is a (List Atom). 


Actually, nil is a (List Nat) as well. 


Is nil a (List (List Atom))? 


Yes, because (List Atom) is a type, so 
(List (List Atom)) is also a type. What 
about (List (Pair Nat Atom))? 


Is nil one of those, too? 


Yes, it is. 


No, it is not, because "potato is not a 
type. 


Does that mean that nil is a 
(List "potato) 
as well? 


Is it for the same reason that 
(Pair ‘olive ‘oil) 
in frame 1:52 is not a type? 


Yes. 


(List "potato) is not a type, because 
"potato is an Atom, not a type. 
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then (List £) is a type, right? 
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And if (List 2) is a type, “All right. 


then Hil ise (List-E}. Is nil a constructor? 


Yes, nil is a constructor. Based on expectations, :: is the other 


constructor, 
Guess the other constructor of (List £). 


How does ::' differ from cons? " ... but the constructor cons builds a 


Pair. 
The constructor :: builds a List ... 
tFor historical reasons, :: is also pronounced 
“cons” or “list-cons.” 
. . . is 15 ¥ 
It is possible to have a list of pairs, or a Well, es must be a (List E). es could be 
pair of lists. nil, and nil is a (List £). 
When is (:; e est) a (List E)? 
tThe plural of ¢ is es and is pronounced ease. 
es is used because the rest of a list could have any 
number of entries. 
Can e be anything at all? Of course! 
IT 
Of course not! Try again. " Here’s a guess: e must be an F because 
E has not yet been used for anything 
else. 
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Right answer; wrong reason. “What are the ingredients? 


e must be an E because in order to use 
an eliminator for (List 2), we must know 
that everything in the list is an 2. 


Define rugbred‘ to be the ingredients of 
Danish rye bread. 


t Pronounced ['su,hweed?]. If this is no help, ask 
a Dane. 


The ingredients in rugbrod are: ” “What type should rugbrad have? 


e whole-grain rye flour, 


e 


rye kernels, soaked until soft, 


@ pure water, 


active sourdough, and 


e salt. 


(List Atom), because each ingredient is Okay, here goes. 
an Atom. 


(claim rugbred 
(List Atom)) 
(define rugbrgd 
(:: 'rye-flour 

(:: 'rye-kernels 


(:: ‘salt nil)))))) 


Very good. , Yes, rugbrad is quite tasty! It does need 
something on top, though. 


112 Chapter 5 


prior permission, Violators will be prosecuted. 


Let’s get back to that. 


How does rugbrgd differ from 5? 


They appear to have nothing in 
common. 5 is made up of add1 and zero. 
Also, 5 is not tasty. 


How many ingredients does rugbrad 
contain? 


Five. 


In addition to only requiring five 
ingredients, rugbrgd doesn’t even need 
kneading. 


11 makes a list bigger, while add1 makes 
a Nat bigger. 


Does nil have something to do with zero 
as well? 


Does :: have something to do with add1, 
then? 


"nil is the smallest list, while zero is the 


smallest Nat. 


Does the eliminator for lists look like one 
for Nats? 


The Law of nil 


nil is a (List #), no matter what type F is. 


then (:: e es) is a (List £). 


The Law of :: 


If e is an F and es is a (List F), 
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Yes, it does. 


What type does 
(rec-Nat target 
base 
step) 


have? 


26 
The rec-Nat-expression is an X when 


e target is a Nat, 
e base is an X, and 


e step is an (— Nat X X). 


The eliminator for (List FE) is written 


(rec-List target 
base 
step) 
and it is an X when 


e target is a (List F), 
e base is an X, and 


e step is an (— E (List B) X X). 


How does this differ from rec-Nat? 


Nicely done! 


In both cases, the step accepts every 
argument from the corresponding 
constructor as well as the recursive 
elimination of the smaller value. 


rec-List’s step takes one more argument 
than rec-Nat’s step—it takes e, an entry 
from the list. 


Eliminators expose the information in 
values. 


The base exposes a lot of information 
about the result of a rec-List. What are 
two uses of rec-List that have 0 as their 
base? 


One use is to find the length of a list. 
Another is to find the sum of all the Nats 
in a (List Nat). 
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Those are two good examples. ” Tt must be 0, because 0 is the base and 


the value of the base must be the value 
With this definition for nil. 


| (claim step 
| (> Atom (List Atom) Nat 
Nat)) 


| (define step{ 
1 
' 


(X (e es n) 
(addi n))) 


what is the value of 
(rec-List nil 
0 
step )? 


That’s right. " That sounds lekkert! 


A kartoffelmad is rugbrgd with toppings 
and condiments. 


(claim toppings 
(List Atom)) 
(define toppings 
(1: "potato 
(:: "butter? nil))) 


(claim condiments 
(List Atom)) 
(define condiments 
(2: "chives 
(:: "mayonnaise! nil))) 


Or your favorite non-dairy alternative. 
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The Law of rec-List 


If target is a (List F), base is an X, and step is an 
(> E (List £) X 
X), 
then 
(rec-List target 
base 
step) 
is an X. 


The First Commandment of rec-List 
If (rec-List nil 
base 


step) 
is an X, then it is the same X as base. 


The Second Commandment of rec-List 
If (rec-List (:: € es) 
base 
step) 
is an X, then it is the same X as 
(step e es 
(rec-List es 
base 
step)). 
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It is! 


What is the value of 
(rec-List condiments 
0 
step{___})? 


v2 
Let’s see. 


1. | (rec-List (:: ‘chives 

(:: "mayonnaise nil)) 
0 
step{__) 
2.| (step{—_] 
‘chives 
(2: "mayonnaise nil) 
(rec-List (:: 'mayonnaise nil) 


0) 
step{___])) 
3. | (add1 
(rec-List (:: 'mayonnaise nil) 
0 
step{—_])) 


What is the normal form? Feel free to 
leave out the intermediate expressions. 


The rec-List expression replaces each :: 
in condiments with an add1, and it 
replaces nil with 0. 


What is a good name to fill in the box? 


33 


The normal form is 
(add1 
(add1 zero)), 


better known as 2. 


The name /ength seems about right. 


(— Atom (List Atom) Nat 
Nat)) 
(define step-length 
(d (e es length.,) 
(add1 length.,))) 
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Then this must be length. * But what about the length of 
(dain lagi cy 
( ts (21 24 


' (—> (List Atom) 
|” Nat)) (:: 13 nil)))? 
| (define length J 
' ' 
1 0d (es) 
| (rec-List es 1 
0 ' 
' step-length))) H 


That's easy, just replace Atom with Nat. "And here’s length for a list of Nats. 


(— Nat (List Nat) Nat (— (List Nat) 


1 1 ' ' 
|” Nat)) | | Nat)) 
| (define step-length | | (define length ‘ 
1 (X (e es length,,) + 1 (d(es) ' 
| (addi /ength,.))) | |. (rec-List es : 
ee nia i ee i ele ' 0 ' 

H step-length))) i 


wv 
Lists can contain entries of any type, not It’s as easy as 1. 
just Atom and Nat. 


(claim length 

(N ((E U)) 
(= (List E) 
Nat))) 


What can be used to make a version of 
step-length that works for all types? 


That claim requires a step. At each step, the length grows by add1. 
(claim step-length (define step-length 
(N ((E U)) (s (E) 
(> E (List E) Nat (d (e es length...) 
Nat))) (add1 length.,)))) 
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This uses the same technique as step-* 
in frame 3:66 to apply step-length to E. 


Now define length. 


39 


Passing E to step-length causes it to take 
three arguments. 


(define length 
( (E) 
(A (es) 
(rec-List es 
0 
(step-length E))))) 


Why is e in step-length dim? 


What is the value of (length Atom)? 


Because the specific entries in a list 
aren’t used when finding the length. 


It is 
(» (es) 
(rec-List es 
0 
(step-length Atom))), 
which is found by replacing each E with 
Atom in the inner \-expression’s body. 


Define a specialized version of length 
that finds the number of entries in a 
(List Atom). 


‘This uses the same technique as the 
definition of twin-Atom in frame 4:54. 


(claim length-Atom 
(— (List Atom) 
Nat)) 
(define length-Atom 
(length Atom)) 


Lists, Lists, and More Lists 


119 


prior permission, Violators will be prosecuted. 


That is a useful technique. 


Now it is time to assemble a delicious 
kartoffelmad from a slice of bread, 
toppings, and condiments. 


Define a function that appends two lists. 


8 


What should be the definition’s type? 


Is it possible to append a (List Nat) and 


a (List (Pair Nat Nat))? 


u 


No. 


All the entries in a list must have the 
same type. 


List Entry Types 


All the entries in a list must have the same type. 


As long as two lists contain the same 
entry type, they can be appended, no 


matter which entry type they contain. 


What does this say about the type in 
append’s definition? 


Exactly. 


What are the rest of the arguments? 


ty 


The type must be a [-expression. 


There must be two (List E) arguments. 
Also, the result is a (List E). From that, 
append must be a \-expression. 
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Here is the claim. Now start the " Tt isa )\-expression, but the body 
definition. remains a mystery. 


(define append 


(claim append 


(N(EU)) (s (E) 
(> (List E) (List ) | ( (start end) 
(List E)))) ))) i 
Us Fa Sal ae ca a ems “La oe rn J 
What goes in the box? “Some kind of rec-List. 
What is the value of i Clearly it must be 
(append Atom (2 "salt 
nil (:: "pepper nil)). 
(2: "salt 
(:: "pepper nil)))? 
And what is the normal form of ” Tt must be 
(append Atom (:: "cucumber 
(:: "cucumber (:: "tomato 
(:: "tomato nil)) (:: 'rye-bread nil))). 
(2: "rye-bread nil))? 
The value of (append E nil end) should ” What about the step? 
be the value of end. Thus, append’s last 
argument end is the base. 
The step’s type is determined by the "How about this one? 
Law of rec-List. It should work for any 
aniertype! (claim step-append 
(N ((EU)) 
(> E (List E) (List E) 
(List E)))) 


Lists, Lists, and More Lists 121 


prior permission. Violators will be prosecuted. 


Using the previous frame as an example, 


(d (E) 
(\ (€ es append...) 


))) 


(A (E) 
(\ (start end) 
(rec-List start 
end 


(step-append E))))) 


f 
1 
' 
\ 
' 
' 
' 
' 
1 
' 
(define append ! 
\ 
' 
' 
' 
' 
' 
' 
1 
f 


1 
' 
1 
' 
1 
' 
1 
' 
' 
1 
' 
1 
‘ 
1 
' 
1 
1 
1 
1 
' 


The expression (step-append E) should be a 
step for append when the list contains entries of type 
E. Be mindful of the Currying. 


If appendes is 
nil, 
then the step-append should produce 
(2: 'rye-bread nil). 
If append... is 
(t: 'rye-bread nil), 
then the step-append should produce 
(2: "tomato 
(2: "rye-bread nil)). 
Finally, if append,, is 
(:: "tomato 
(2: "rye-bread nil)), 
then the step-append should produce 
(:: "cucumber 


(:: "tomato 
(:: 'rye-bread nil))). 


That is good reasoning. 


What is the proper definition? 


Now append deserves a solid box. 


(define step-append 
(d (E) 
(X (e@ es append..) 
(:: € appendes)))) 


(define append 
(\ (E) 
(X (start end) 
(rec-List start 
end 
(step-append E))))) 


This definition of append is very much 
like +. 


“Is there an iter-List, like iter-Nat, and 


could it be used to define append? 
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Nothing would stop us from defining * Okay, let’s use the more expressive 
iter-List, but there is no need, because eliminators here. 

rec-List can do everything that iter-List 

could do, just as rec-Nat can do 

everything that iter-Nat and which-Nat 


can do. 

It is also possible to define append in * Ts that possible? 

another way, replacing :; with something 

else. 

Yes, it is. Instead of using :; to “cons” * snoc’s type is 

entries from the first list to the front of - 

the result, it is also possible to snoct (claim snoc 

entries from the second list to the back (1 ((E 4) ) 

of the result. eet E 

i 

For example, the value of ) 

(snoc Atom toppings 'rye-bread) What must the step do? 


is 
(:: "potato 
(:: "butter 
(:: 'rye-bread nil))). 


What is snoc’s type? 


t Thanks, David C. Dickson (1947-) 


The step must “cons” the current entry of = Oh, so it’s just like step-append. 
the list onto the result. 
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60 


7 
Now define snoc. Here is snoc. 


(define snoc 
(d (E) 
(X (start e) 
(rec-List start 
(1 e nil) 
(step-append E))))) 


Well done. "In addition to using snoc instead of the 
List “cons” ::, concat must eliminate the 


Now define concat, which should behave second list. 


like append but use snoc in its step. - 
(claim step-concat 
(claim concat (N ((E &)) 
(N ((E U)) (> E (List &) (List E) 
(— (List E) (List E) (List E)))) 
(List E)))) (define step-concat 
(d (E) 


concat's type is the same as append’s 


type because they do the same thing. ( (e.¢5 concates) 


(snoc E concat,; e)))) 


(define concat 
(x (E) 
(\ (start end) 
(rec-List end 
start 
(step-concat E))))) 


62 z if 
A list can be reversed using snoc as well. reverse accepts a single list as an 


argument. 
What should the type of reverse be? 


(claim reverse 

(n (EU) 
(— (List &) 
(List E)))) 
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What should be done at each step? 


At each step, e should be snoc’d onto the 
back of the reversed es. 


(claim step-reverse 
(n ((EU)) 
(— E (List E) (List &) 
(List E)))) 


Now define step-reverse and reverse. 


"" Here they are. 


(define step-reverse 
(» (E) 
(X (@ es reversees) 
(snoc E reverse. €)))) 


(define reverse 
(n (E) 
(A (es) 
(rec-List es 
nilt 
(step-reverse E))))) 


tWhen using Pie, it is necessary to replace this 
nil with (the (List E) nil). 


Now it is time for something lekkert. 


(claim kartoffelmad 
(List Atom)) 
(define kartoffelmad 
(append Atom 
(concat Atom 
toppings condiments) 
(reverse Atom 
(:: "plate 
(:: 'rye-bread nil))))) 


What is kartoffelmad’s normal form? 
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* Tt is 
(2: "chives 
(:: "mayonnaise 
(:: "potato 
(:: "butter 
(:: "rye-bread 
:: tplate nil)))))). 
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It’s a good thing we asked for the normal a Reversing lists is hungry work. 
form instead of the value. Otherwise, 

you'd have to assemble all but the "chives 

while eating it! 


Have yourself a nice kartoffelmad, 


and get ready for more delicious NM. 
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RUGBROD 


Day 1 


Mix about 150g sourdough, 400g dark 
whole rye flour, and 1L water in a bowl 
and mix until no flour clumps remain. 

Add enough water to completely 
cover 500g whole or cracked rye kernels 
with water, and let them soak. Cover 
both bowls with a cloth and let them 
sit. 


Day 2 


Take some of the dough, and save it 
in the fridge for next time. Drain the 
kernels. Mix one tablespoon salt, 450g 
rye flour and the soaked kernels into the 
dough. 

Pour the dough into a Pullman loaf 
pan (or a proper rugbréd pan if you 
have one) and cover with a cloth. 


Day 3 


Bake the bread at 180° C for 90 min- 
utes, or for 80 minutes in a convection 
oven. 

Wrap the baked bread in a towel and 
allow it to cool slowly before tasting it. 


The Rest of Your Life 


If not baking weekly, feed the saved 
sourdough every week by throwing 
away half and adding fresh rye flour and 
water, 

Make your bread your own by 
adding sunflower seeds, flax seeds, dark 
malt, pumpkin seeds, or whatever else 
strikes your fancy. 


KARTOFFELMAD 


Take a thin slice of rugbrod, approximately 0.75cm. Spread it with butter. 
Artfully arrange slices of cooled boiled new potato on the buttered bread, and 


top with mayonnaise and chives. 


LAKKERT! 
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We're glad you asked ... 


Naturally. Let’s get started. 


Let’s define a function first that finds the 
first entry in any List. 


After all that sandwich, some N would go 
great. 


I'm pretty good at anticipating what you 
want me to ask. 


Wouldn't that be easy to do? 


Actually, it would be impossible! 


It is impossible because nil has no first 
entry ... 


Why would it be impossible? 


... and therefore first would not be total. 


What about a function, /ast that, instead 
of finding the first entry, finds the last 
entry in a List? 


The function /ast would also not be 
total, because nil has no last entry. 


To write a total function first, we must 
use a more specific type constructor than 
List. This more specific type constructor 
is called Vec, which is short for “vector,” 
but it is really just a list with a length. 


An expression (Vec E k)' is a type when 
E is a type and kis a Nat. The Nat gives 
the length of the list. 


Is (Vec Atom 3) a type? 


t Pronounced “list of E with length &,” or simply 
“list of FE length k.” 


Can types contain expressions that 
aren’t types? 


Precisely How Many? 
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Just as types can be the outcome of * ‘Then (Vec Atom 3) is a type because 
evaluating an expression (as in Atom is a type and 3 is clearly a Nat. 
frame 1:55), some types contain other 

expressions that are not themselves 


types. 
Is * Tt must be, because 
(Vec (cdr 
(cdr (cons 'pie 
(cons 'pie (List (cdr (cons Atom Nat))))) 
(List (cdr (cons Atom Nat))))) snd 
ee )) (List Nat) 
eyes are the same type, and because 
(+21) 
is the same Nat as 
3. 
That means that the expression is the 
same as 
(Vec (List Nat) 3), 
which is clearly a type. 
The only constructor of (Vec E zero) is Ts this because the length of vecnil is 
vecnil. zero? 
Precisely. “What is k here? 


vec:: is the only constructor of 
(Vec E (add1 k)). 


Here, k can be any Nat. If an expression is a 


Vec E (add1 k)), 
(vec:: e es) is a (Vec E (add k)) when e ( ~~ @ )) , 
is an E and es is a (Vec E k). then its value has at least one entry, so it 


is possible to define first and Jast, right? 
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Right. Is Yes, because 
(vec:: "oyster vecnil) ‘oyster 
a is an 
(Vec Atom 1)? Atom 
and 
vecnil 
isa 
(Vec Atom zero). 


The Law of Vec 


If £ is a type and k is a Nat, 
then (Vec £ k) is a type. 


The Law of vecnil 


vecnil is a (Vec E zero). 


The Law of vec:: 


If e is an £ and es is a (Vec E k), 
then (vec:: e es) is a (Vec FE (addl k)). 


Precisely How Many? 
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Is 
(vec:: 'crimini 
(vec:: "shiitake vecnil)) 


(Vec Atom 3)? 


How does this relate to frame 11? 


No, because it is not a list of precisely 
three atoms. 


It is not a 

(Vec Atom 3) 
because 

(vec:: "shiitake vecnil) 
is not a 

(Vec Atom 2). 


Why is 

(vec:: "shiitake vecnil) 
not a 

(Vec Atom 2)? 


Why can’t that be the case? 


Why is 1 not the same Nat as zero? 


If it were, then 
vecnil 
would have to be a 
(Vec Atom 1), 
based on the description in frame 11. 


Because 
vecnil 
isa 
(Vec Atom zero), 
and 1 is not the same Nat as zero. 


Frame 1:100 explains that two Nats are 
the same when their values are the same, 
and that their values are the same when 
either both are zero or both have add1 at 
the top. 
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It is now possible to define first-of-one, But is it possible? So far, there are no 


which gets the first entry of a (Vec E 1). eliminators for Vec. 


Good point. Two of the eliminators for ” What do head and tail mean? 
Vec are head and tail. 


1 


(head es) is an It cannot be vecnil because vecnil has 
E zero entries. So es has vec:: at the top. 
when 
es 
is a 


(Vec E (addi k)). 


What form can the value of es take? 


22 


The expression What about tail? 


(head 
(vec:: a d)) 
is the same £ as a. 


(tail es) es has vec:: at the top. 
is a Is 

(Vec E k) (tail 
when (vec:: a d)) 

aad the same 
isa E 

(Vec E (add1 )). as 

d? 
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No, but 
(tail 
(vec:: a d)) 
is the same 
(Vec E k) 
as 
d. 


Now define first-of-one. 


What is the value of 


(first-of-one Atom 
(vec:: "shiitake vecnil))? 


 first-of-one uses head to find the only 


entry. 


(claim first-of-one 
(N ((E U)) 
(— (Vec E 1) 
E))) 
(define first-of-one 
(d (E) 
(X (es) 
(head es)))) 


” Tt is ‘shiitake. 


What is the value of 
(first-of-one Atom vecnil)? 


That question is meaningless because 
(first-of-one Atom vecnil) 


is not described by a type, and this is 
because 


vecnil 
is not a 
(Vec Atom 1). 


That’s right, the question is meaningless. - 


Now define first-of-two. 


It is very much like first-of-one. 


(claim first-of-two 
(n (EU) 
(— (Vec E 2) 
E))) 
(define first-of-two 
(d (E) 
(X (es) 


(head es)))) 
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What is the value of 
(first-of-two Atom 
(vec:: 'matsutake 
(vec:: 'morel 
(vec:: "truffle vecnil))))? 


29 


Good point. 


It is now time for first-of-three. 


That is quite a valuable list of 
mushrooms. 


The question, however, doesn’t make 
sense because that valuable list of 
mushrooms has three, instead of 
precisely two, mushrooms. 


Is there a way to define a first that works 
for any length? 


‘ ‘ ' 0 
No, there is not, because there is no first 


entry when the length is zero. But it is 
possible to define a first that finds the 
first entry in any list that has at least 
one entry. 


That sounds difficult. 


BY 


Actually, it’s not that difficult. 


In fact, it’s as easy as ... 


f-expressions are more flexible than we 
have seen thus far. 


A mushroom pot pie, for one. 


Precisely How Many? 


What is a more flexible kind of I? 


“What is a more flexible kind of 


N-expression? 
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Here is first’s claim. 


(claim first 
(N (EU) 
(€ Nat)) 
(> (Vec E (add £)) 
E))) 


What is new here? 


After the argument name @, it says Nat. 
Earlier, it always said U after argument 
names in [-expressions. 


The E in 
(— (Vec E (addi £)) 
E) 


refers to whatever U is the first 
argument to first. Does this mean that 
the ¢ in (add1 £) refers to whatever Nat 
is the second argument to first? 


The expression 
(N (YY Y)) 
x) 


The Law of [1 


is a type when Y is a type, and X isa type if yisa Y. 


Precisely. The (add1 @) ensures that the 
list that is the third argument to first 
has at least one entry. 


Now define first. 


” Here it is, in a well-deserved solid box. 


(define first 
(r (E 6) 
(X (es) 
(head es)))) 


What is the value of 
(first Atom 3 
(vec:: 'chicken-of-the-woods 
(vec:: "chantrelle 
(vec:: "lions-mane 
(vec:: "puffball vecnil)))))? 


* Tt is "chicken-of-the-woods. 


But why is the number of entries 
(add1 ¢) 

instead of just 
2 
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There is no first entry to be found in ” We avoid attempting to define a 
vecnil, which has zero entries. non-total function by using a more 

specific type to rule out unwanted 
No matter what @ is, (add1 £) can never arguments. 


be the same Nat as Zero, so vecnil is not a 
(Vec E (add1 @)). 


Use a More Specific Type 


Make a function total by using a more specific type to 
rule out unwanted arguments. 


The same definition could have been * ‘This would have been the same 

written with two nested [-expressions. definition because M-expressions with 
pee eg ne many argument names are shorter ways 
| (claim first 


ane ae arguinent name each. 
(> (Vec E (addi ¢)) 

E)))) 

| (define first 

(r (E) 

1 oN (¢) 

\ (d (es) 

(head es))))) 


Why would this be the same definition? 


of writing nested [-expressions with one 


Precisely How Many? 
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This definition could also have been Would it really have been the same 
written with three nested N-expressions. definition? 
(claim first The previous definition had an —, while 


1 (N((EU)) this definition does not. 
| (11 ((é Nat)) 

’ (N ((es (Vec E (add1 £)))) 

1 E)))) 

' (define first 

0 (E) 

1 OM 

1 (A (es) 

(head es))))) 


Why would this have been the same 
definition? 


In fact, -+-expressions are a shorter way al okay. 
of writing N-expressions when the 

argument name is not used in the 

NM-expression’s body. 


— and I 


is a shorter way of writing 
(N (YY Y)) 
x) 


when y is not used in X. 
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The Final Law of \ 
If zis an X when y is a Y, then 
Q (Y) 
: % 
( ((y Y)) 
X). 


The Final Law of Application 
Iffisa 
(n ((y Y)) 
x) 


and zisa Y, then 
(f 2) 
is an X 
where every y has been consistently replaced by z. 


The Final First Commandment of \ 
If two \-expressions can be made the same 


(n ((y Y)) 
x), 


by consistently renaming their variables, then they are 
the same. 


Precisely How Many? 
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The Final Second Commandment of > 
Iffisa 
(N ((y Y)) 
X), 
and y does not occur in f, then f is the same as 


A (y) 
(f y))- 


The type “ ‘This last version of first could have been 
(N ((es (Vee E (addi £)))) written like this. 

E) | (claim first ; 
could have been written 1 (N((EU) } 
(— (Vec E (addi £)) i (é Nat) ; 
E) I (es (Vec E (addi @)))) ' 
because es is not used in E. )) ; 
| (define first ' 
We could also have written first’s claim 1 (d (E £ es) 
with a single N-expression, and no >. 1 (head es))) ' 


This is because nested [-expressions 
could have been written as a single 
N-expression. 


A more specific type made it possible to ‘ Yes, it is, because (tail vecnil) is as 
define first, our own typed version of meaningless as (head vecnil). 
head. 


Is a more specific type needed to define 
rest, our own version of tail? 
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What is that more specific type? The argument must have vec:: at the 
top. 


Because the head is not part of the tail, 
the resulting Vec is shorter. 


(claim rest 
(N (EU) 
(¢ Nat)) 
(— (Vec E (add1 ¢)) 
(Vec E £)))) 


Both head and tail are functions, and all “Here it is. 
functions are total. This means that they 


cannot be used with List because List ery 
does not rule out nil. 

(d (es) 
Now define rest. (tail es)))) 


Save those mushrooms 


the oven is hot, and it’s almost time to bake the N. 
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Our mushroom pot pie requires quite a 
few peas. Now it is time to define peas, 
which produces as many peas as 
required. 


What type expresses this behavior? 


How many peas should peas produce? 


The type is 
(— Nat 
(List Atom)) 


because peas should be able to produce 
any number of peas. 


It depends. 


What does it depend on? 


It depends on how many peas are 
required—that is, the argument. 


The type in frame 1, 


(— Nat 
(List Atom)), 


is not specific enough. It does not 
express that peas produces precisely as 
many peas as were asked for. 


The number of peas is the Nat argument. 


Does this type do the trick? 


(claim peas 
(Tl ((how-many-peas Nat)) 
(Vec Atom how-many-peas))) 


Yes, and the type expresses that the 
number of peas as the argument to peas 
depends on the number asked for. Such 
types are called dependent types. 


Can peas be written using rec-Nat? 


(define peas 
(\ (how-many-peas) 
(rec-Nat how-many-peas 
vecnil 
(d (€-1 peasy.) 
(vec:: pea peasy.;))))) 


Dependent Types 


A type that is determined by something that is not a type 
is called a dependent type. 


It All Depends On the Motive 
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The definition of peas is not an * What about iter-Nat? 
expression. To use rec-Nat, the base 

must have the same type as the peasy, 

argument to the step. Here, though, the 

peas,., might be a (Vec Atom 29), but 

vecnil is a (Vec Atom 0). 


In other words, rec-Nat cannot be used 
when the type depends on the target 
Nat. 


rec-Nat can do anything that iter-Nat ” Is there something more powerful to use? 
can. 


It is called ind-Nat, short for “induction * What is ind-Nat? 


on Nat.” 

ind-Nat is like rec-Nat, except it allows " There is a Nat called how-many-peas 
the types of the base and the included in 

almost-answer in the step, here peasy_, (Vec Atom how-many-peas). 


to include the target Nat. 

Is this a dependent type? 
In other words, ind-Nat is used for 
dependent types. 


Yes, it depends on the Nat " “What does this extra argument look 
how-many-peas. like? 


To work with dependent types, ind-Nat 
needs an extra argument: to use ind-Nat, 
it is necessary to state how the types of 
both the base and the step’s 
almost-answer depend on the target Nat. 
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u eee : 
This extra argument, called the motive,* So the motive is a function whose body 
can be any isad. 
(— Nat 
U). 


An ind-Nat-expression’s type is the 
motive applied to the target Nat. 


i Thanks, Conor McBride (1973-). 


It is. The motive explains why the target ” That's a good question. 


is to be eliminated. 
At least its type is clear. 


What is the motive for peas? - 
(claim mot-peas* 


(—> Nat 
U)) 


tmot” is pronounced “moat.” 


Use ind-Nat for Dependent Types 


Use ind-Nat instead of rec-Nat when the rec-Nat- or ind-Nat- 
expression’s type depends on the target Nat. The ind-Nat- 
expression’s type is the motive applied to the target. 


Here is mot-peas. " Tt is the U/, and thus also the type, 


(define mot-peas (Vec Atom zero). 


(» (k) 
(Vec Atom k))) 


What is the value of (mot-peas zero)? 


It Ali Depends On the Motive 145 


prior permission. Violators will be prosecuted. 


What type must the base for peas have? 


‘ Surely it must have the type 


(Vec Atom zero), 


because the value of the base is the value 
when zero is the target. 


What should the base for peas be? 


Tt must be vecnil because vecnil is the 
only 


(Vec Atom zero). 


This is also (mot-peas zero). 


What is the purpose of a step in rec-Nat? 


In rec-Nat, the step’s arguments are n-1 
and the almost-answer, which is the 
value from eliminating n-t. 


Given n-1 and the almost-answer, the 
step determines the value for (add1 n-L). 


The step’s arguments in ind-Nat are also 
n-l and an almost-answer. 


What is the almost-answer’s type? 


The almost-answer’s type is the motive 
applied to n-l because the almost-answer 
is the value for the target n-1. 


What is the type of the value for the 
target (add1 n-1)? 


The type of an ind-Nat-expression is the 
motive applied to the target. 


If the motive is called mot, then the 
step’s type is 
(1M ((n-t Nat)) 
(— (mot n-l) 
(mot (add1 n-1)))). 


What is an example of a step for 
ind-Nat? 
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Here is the step for peas. ” Why does mot-peas appear twice in 
step-peas’s type? 


(claim step-peas 
(FM ((¢-1 Nat)) 
(— (mot-peas (-1) 
(mot-peas (add1 ¢-1))))) 
(define step-peas 
(s (&1) 
(\ (pease.1) 
(vec:: "pea peasy ;)))) 


Good question. "Tt is (Vec Atom £-1). 


What is the value of (mot-peas ¢-1)? 


The Law of ind-Nat 


If target is a Nat, mot is an 
(— Nat 
U), 
base is a (mot zero), and step isa 
(A ((n-1 Nat)) 
(— (mot n-1) 
(mot (add1 n-1)))), 
then 
(ind-Nat target 
mot 
base 
step) 
is a (mot target). 


It All Depends On the Motive 
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The ind-Nat-expression 
(ind-Nat zero 
mot 
base 
step) 


The First Commandment of ind-Nat 


is the same (mot zero) as base. 


The ind-Nat-expression 
(ind-Nat (add1 n) 
mot 
base 
step) 
and 
(step n 
(ind-Nat n 
mot 
base 
step)) 
are the same (mot (add1 n)). 


The Second Commandment of ind-Nat 


This is peasy_;’s type, which describes a 
list containing £-1 peas. 
What is the value of 

(mot-peas (addi ¢-1)), 


and what does it mean? 


* It is 


(Vec Atom (addl é-1)), 
which describes a list containing 
(add1 ¢-1) 


peas. 
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Induction on Natural Numbers 


Building a value for any natural number by giving a value 
for zero and a way to transform a value for n into a value 
for n+ 1 is called induction on natural numbers. 


The step must construct a value for ” No matter what Nat é-1 is, step-peas can 
(add1 ¢-1) from a value for é-1. take a 


(Vec Atom ¢-1) 
and produce a 
(Vec Atom (add1 é-1)). 
It does this by “consing” a 'pea to the 


Look at step-peas’s type again. What 
does it mean in prose? 


front. 
The base replaces ‘s step-peas replaces each add1 with a vec::, 
zero just as Jength in frame 5:34 replaces each 
aah 1 in a list with add1. 
vecnil 
because 
vecnil 
is the only 


(Vec Atom zero). 
What does step-peas replace an add1 


with? 


Now it is possible to define peas, using ” Here is the definition. 
mot-peas and step-peas. 


(define peas 
(\ (how-many-peas) 
(ind-Nat how-many-peas 
mot-peas 
vecnil 
step-peas))) 
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What is the value of (peas 2)? 


Here are the first two steps. 


1. | (peas 
(add1 
(add1 zero))) 
. | (ind-Nat (add1 
(add1 zero)) 
mot-peas 
vecnil 
step-peas) 
. | (step-peas (add1 zero) 
(ind-Nat (addi zero) 
mot-peas 
vecnil 
step-peas)) 
Now, find its value. Remember that 
arguments need not be evaluated. 


nw 


wo 


26 
Here 


«| (vect: "pea 


And 


a 


_ 


it is, 


(ind-Nat (add1 zero) 
mot-peas 
vecnil 
step-peas)). 
finally, we find its normal form, 


. | (veci: "pea 


(step-peas zero 
(ind-Nat zero 
mot-peas 
vecnil 
step-peas))) 
(vec:: "pea 
(vec:: "pea 
(ind-Nat zero 
mot-peas 
vecnil 
step-peas))) 


| (vec:: "pea 


(vec:: "pea vecnil)), 


which is normal. 


If the motive’s argument is dim, then 
ind-Nat works just like rec-Nat. Define a 
function also-rec-Nat using ind-Nat that 
works just like rec-Nat. 


(claim also-rec-Nat 


* The type does not depend on the target, 


so k 


is dim. 


(define also-rec-Nat 
(d (x) 


(\ (target base step) 


(N (X U¥)) (ind-Nat target 
(> Nat (d (k) 
x X) 
(> Nat X base 
x) step)))) 
x))) 
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Just as first finds the first entry in a list, * ‘The list must be non-empty, which 


last finds the last entry. 


What type should /ast have? 


means that we can use the same idea as 
in first’s type. 


(claim last 
(M1 ((E U) 
(é Nat)) 
(— (Vec E (add1 ¢)) 


E))) 


If a list contains only one Atom, which 
Atom is the last one? 


What is the normal form of 


(last Atom zero 
(vec:: "flour vecnil))? 


p) 


There is only one possibility. 


Here is a guess. The question has no 
meaning, because that list contains one 
rather than zero entries. 


What is (last Atom zero)’s type? 


Remember Currying. 


31 


(last Atom zero)’s type is 
(— (Vec Atom (add1 zero)) 
Atom). 


So the question in the preceding frame 
does, in fact, have a meaning! 


What is the normal form of 


(last Atom zero 
(vec:: "flour vecnil))? 
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It must be ‘flour. 


Yes, indeed. 


Using this insight, what is base-/ast’s 
type? 


33 


The base is used when the Nat is zero. 


(claim base-last 
(N ((E U)) 
(— (Vec E (add1 zero)) 
E))) 


It All Depends On the Motive 
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What is the definition of base-last? : 


It uses head to obtain the only entry in a 
(Vec Atom (add1 zero)). 


(define base-/ast 
(x (E) 
(X (es) 
(head es)))) 


35 


This is the first time that the base is a 
function. According to the motive, both 
the base and the step’s almost-answer 
are functions. 


When the base is a function and the step 
transforms an almost-function into a 
function, the ind-Nat-expression 
constructs a function as well. 


Are )-expressions values? 


Yes, because ) is a constructor. 
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The ind-Nat-expression’s type is the 
motive applied to the target, which is the 
Nat being eliminated. 


What is the target Nat when the base is 
reached? 


The motive applied to zero should be the sd 
base’s type. 


Find an expression that can be used for 
the motive. 


Functions are indeed values. 


It is zero. That is what it means to be 
the base. 


How about 
(N ((B U) 
(k Nat)) 
(—> (Vec E (add1 k)) 
E))? 
Filling in £ with the entry type and k 
with zero yields the base’s type. 
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ind-Nat’s Base Type 


In ind-Nat, the base’s type is the motive applied to 
the target zero. 


That’s close, but not quite correct. Oh, so it must be 
ee: (s (Ek) 

The motive for ind-Nat should be applied (— (Vec E (addi k)) 

to zero, but applying a N-expression B)) 


doesn’t make sense. The motive for . 
ind-Nat is a function, not a function’s which can be applied to the entry type 
type. and zero to obtain the base's type. 


Now define the motive for /ast. Here it is. 


(claim mot-last 


(define mot-last 


(— U Nat (\ (E k) 
U)) (—> (Nec E (add1 k)) 
E))) 
What is the type and value of " The type is 
(mot-last Atom)? (— Nat 
u) 
and the value is 
(» (k) 
(— (Vec Atom (add1 k)) 
Atom)). 
What does this resemble? ” twin-Atom from frame 4:54. Applying 


mot-last to a U results in a suitable 
motive for ind-Nat. 
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What is the value of the base’s type, 
which is 
(mot-last Atom zero)? 


What is the value of 
(mot-last Atom (addi €-1))? 


What is the purpose of the step for last? 


The outer add1 is part of the type in 
order to ensure that the list given to /ast 
has at least one entry. The inner add1 is 
from the (add1 ¢-1) passed to mot-last. 


It is the type 


(— (Vec Atom (add1 zero)) 
Atom). 


It is 


(— (Vec Atom (addi 
(addi é-1))) 
Atom). 


” The step for /ast turns the almost-answer 


for ¢-1 into the answer for (add1 ¢-1). 


In other words, the step for fast changes 
a function that gets the last entry in a 
(Vec E (add1 ¢-1)) 
to a function that gets the last entry in a 
(Vec E (add1 
(add1 é-1))). 
Why are there two add1s? 


The outer add1 makes the function total, 
and the inner add1 is due to the Law of 
ind-Nat. 
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What is the step’s type? ' The step’s type must be 
(+ (> (Vec E (add1 ¢-1)) 
E) 


(— (Vec E (addi 
(add1 é-1))) 
E)) 
because the step must construct a 
(mot-last E (add1 ¢-1)) 
from a 
(mot-last E €-1). 


How can that type be explained in * The step transforms a 


prose? last 
function for 
£ 
into a 
last 
function for 


(add1 @). 


ind-Nat’s Step Type 


In ind-Nat, the step must take two arguments: some Nat n 
and an almost-answer whose type is the motive applied 
to n. The type of the answer from the step is the motive 
applied to (addi n). The step’s type is: 


(Tl ((7 Nat)) 
(> (mot n) 
(mot (add1 n)))) 


It All Depends On the Motive 


prior permission, Violators will be prosecuted. 


Here is step-last’s claim. 


(claim step-last 
(1 (EU) 
(£-1 Nat)) 
(— (mot-last E ¢-1) 
(mot-last E (add1 ¢-1))))) 


Now define step-last. 


: last¢_; is almost the right function, but 


only for a list with 1 entries, so it 
accepts the tail of a list with (add1 ¢-1) 
entries as an argument. 


(define step-last 
(\ (E €-1) 
(X (laste-1) 
( (es) 
(/ast¢_, (tail es)))))) 


What is es’s type in the inner 
d-expression? 


esisa 
(Vec E (add1 
(addi £-1))). 


Why is that es’s type? 


The whole inner \-expression’s type is 

(mot-last E (add1 ¢-1)), 
and that type and 

(— (Vec E (addi 

(add ¢-1))) 
E) 

are the same type. Thus, the argument 
to the \-expression, namely es, is a 

(Vec E (add1 

(add é-1))). 


Clever. 


What is (tail es)’s type? 


: (tail es)’s type is 


(Vec E (add1 é-1)), 


which is the type of a suitable argument 
for the almost-ready function. 


156 


Chapter 7 


prior permission. Violators will be prosecuted. 


What is /ast¢_;’s type in the outer 
d-expression in frame 49? 


lasty_; is an 
(— (Vec E (add1 é-1)) 


which is the value of (mot-last £-1). 


a ee 
Now it is time to define Jast. The claim is 


in frame 28 on page 151. 


Here goes. 


(define /ast 
(d (E 2) 

(ind-Nat ¢ 
(mot-last E) 
(base-last E) 
(step-last E)))) 


What is the normal form of 


(last Atom 1 
(vec:: ‘carrot 
(vec:: "celery vecnil)))? 


Here is the beginning. 


e 


. | (last Atom (add1 zero) 
(vec:: ‘carrot 
(vec:: 'celery vecnil))) 
((ind-Nat (add1 zero) 
(mot-last Atom) 
(base-last Atom) 
(step-last Atom)) 
(vec:: "carrot 
(vec:: "celery vecnil))) 
((step-last Atom zero 
(ind-Nat zero 
(mot-last Atom) 
(base-last Atom) 
(step-last Atom))) 
(vec:: ‘carrot 
(vec:: "celery vecnil))) 


N 


” ‘Thanks for the help. There is more. 
-| (Qs (es) 
((ind-Nat zero 
(mot-last Atom) 
(base-last Atom) 
(step-last Atom)) 
(tail es))) 
(vec:: "carrot 
(vec:: ‘celery vecnil))) 
((ind-Nat zero 
(mot-last Atom) 
(base-last Atom) 
(step-last Atom)) 
(tail 
(vec:: 'carrot 
(vec:: "celery vecnil)))) 
. | (base-last Atom 
(tail 
(vecz: "carrot 
(vec:: "celery vecnil)))) 


> 


on 
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56 
Is that the normal form? No, there are a few more steps. 


“1 (Qs (es) 
(head es)) 
(tail 
(vec:: ‘carrot 
(vec:: ‘celery vecnil)))) 
8. | (head 
(tail 
(vec:: "carrot 
(vec:: "celery vecnil)))) 


9. | (head 
(vec:: ‘celery vecnil)) 

10. | "celery 
Excellent. ” ‘That sounds like a good idea. 
Now take a quick break and have some 
fortifying mushroom pot pie. 
Guess what drop-last means. 58 Presumably, it drops the last entry in a 

Vec. 

Good guess! ” Tt is not described by a type, for the 


same reason that 


What is (drop-last Atom 3 vecnil)? (first Atom 3 vecnil), 


(last Atom 3 vecnil), 
and 

(rest Atom 3 vecnil) 
aren’t described by types. 


The type must contain a Vec with an 
add1 in it. 
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That's solid thinking. “ drop-last shrinks a list by one. 


(claim drop-last 
(N ((E U) 
(€ Nat)) 
(— (Vec E (add1 ¢)) 
(Vec E £)))) 


What is drop-last’s type? 


ol 


What is base-drop-last? The base finds the 
drop-last 
of a single-entry list, which is 
vecnil 
because the last entry is the only entry. 


(claim base-drop-last 
(1 ((EU)) 
(> (Vec E (add1 zero)) 
(Vec E zero)))) 


(define base-drop-last 


(d (E) 
(d (es) 
vecnil))) 
Would this definition of base-drop-last "Tt always has the same value, but it does 
also work? not convey the idea as clearly. 


LF; 7 
1 (define base-drop-last The intention is that base-drop-last 


: 0 (E) | ignores the last entry in the list. 

\ (\ (es) ' 

1 (tail es)))) 

That sounds right. - Getting the right answer is worthless if 
we do not know that it is correct. 

Why doesn’t it deserve a solid box? Understanding the answer is at least as 


important as having the correct answer. 
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Readable Expressions 


Getting the right answer is worthless if we do not know 
that it is correct. Understanding the answer is at least 
as important as having the correct answer. 


Someone has been paying attention! = mot-drop-last says that drop-last 
constructs a Vec with one fewer entries. 


What is mot-drop-last? 
“ie (claim mot-drop-last 


(— U Nat 
Uu)) 
(define mot-drop-last 
(\ (E k) 
(— (Vec E (addi k)) 
(Vec E k)))) 


That was fast. Please explain. During ind-Nat, the motive applied to 
zero is the base’s type. That means that 
we can work backwards by replacing the 
zeros in the base’s type with the 
argument k to mot-drop-last in the base’s 
type from frame 61. 


That is a keen observation. This mn step-drop-last’s type follows the Law of 


approach does not always work, but it is ind-Nat. 
a good starting point. 


(claim step-drop-last 
(N ((E U) 
(¢-1 Nat)) 
(— (mot-drop-last E €-1) 
(mot-drop-last E (add1 £-1))))) 


Replacing a particular constant with a 
variable and wrapping a of the variable 
is called abstracting over constants, and 
it is used often. Here, the motive 
abstracts over zero in base-drop-last. 
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How should step-drop-last be defined? 


This is the familiar pattern of induction: 


step-drop-last 
transforms a 
drop-last 
that works for 
(Vec E €-1) 
into a 
drop-last 
that works for 
(Vec E (addi ¢-1)). 


How does the transformation work? 


The claim for drop-last is in frame 60 on 
page 159. 


Now define drop-last. 


= step-drop-last keeps the head around. 


08 


69 


(define step-drop-last 
(d (E é-1) 
(X (drop-last¢_1) 
(A (es) 
(vec:: (head es) 
(drop-last,_, (tail es))))))) 


Just as 
step-last 


uses its almost-answer, namely /ast¢_;, to 
find the /ast of its own (tail es), 


step-drop-last 


uses its almost-answer, drop-last,_;, to 
find the drop-last of its own (tail es). 


Based on mot-drop-last, the function 
produced by step-drop-last must add an 
entry to that list. Thus, the inner 
d-expression in frame 66 “cons”es 
(using vec::) the head of es onto the 
(drop-last,_, (tail es)). 


It’s a matter of putting the pieces 
together. 


(define drop-last 
(d (E & 
(ind-Nat ¢ 
(mot-drop-last E) 
(base-drop-last E) 
(step-drop-last E)))) 
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Yes, drop-last is now defined. 


Sometimes, it can be convenient to find a 
function that can be used later. For 
example, (drop-last Atom 2) finds the 
first two entries in any three-entry list of 
Atoms. 


Show how this works by finding the 
value of 


(drop-last Atom 
(add1 
(add1 zero))). 


That’s right—\-expressions are values. 

To find the normal form, more steps are 

necessary. Here’s the first one. 

5. | (X (es) 
(vec:: (head es) 
((step-drop-last Atom zero 
(ind-Nat zero 
(mot-drop-last Atom) 
(base-drop-last Atom) 
(step-drop-last Atom))) 
(tail es)))) 
Now find the normal form. 


” Here's the chart to find the value. 
- | (drop-last Atom 
(add1 

(add1 zero))) 
2. | (ind-Nat (add1 

(add1 zero)) 

(mot-drop-last Atom) 
(base-drop-last Atom) 
(step-drop-last Atom)) 
. | (step-drop-last Atom (add1 zero) 

(ind-Nat (add1 zero) 

(mot-drop-last Atom) 

(base-drop-last Atom) 

(step-drop-last Atom))) 

(X (es) 
(vec:: (head es) 

((ind-Nat (add1 zero) 
(mot-drop-last Atom) 
(base-drop-last Atom) 
(step-drop-last Atom)) 

(tail es)))) 


‘Th step 6, es has been consistently 
renamed to ys to make it clear that the 
inner \-expression has its own variable. 

6.] (X (es) 
(vec:: (head es) 
(( (ys) 
(vec:: (head ys) 

((ind-Nat zero 
(mot-drop-last Atom) 
(base-drop-last Atom) 
(step-drop-last Atom)) 

(tail ys)))) 
(tail es)))) 
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It is not necessary to rename es to ys, 
because variable names always refer to 
their closest surrounding d, but it’s 
always a good idea to make expressions 
easier to understand. 


Here are two more steps. 

| (X (es) 

(vec:: (head es) 

(vec:: (head (tail es)) 
((ind-Nat zero 
(mot-drop-last Atom) 
(base-drop-last Atom) 
(step-drop-last Atom)) 
(tail (tail es)))))) 


~ 


8. | (X (es) 
(vec:: (head es) 
(vec:: (head (tail es)) 
(base-drop-last Atom 
(tail (tail es)))))) 


C’est magnifique! Bet you're tired. 


* Almost there. 


9. 


10. 


(X (es) 
(vec:: (head es) 
(vec:: (head (tail es)) 
(Q (ys) 
vecnil) 
(tail (tail es)))))) 
(d (es) 
(vec:: (head es) 
(vec:: (head (tail es)) 
vecnil))) 


The normal form is much easier to 
understand than the starting expression! 


* Indeed. And hungry, too. 


Eat the rest of that pot pie, 
and head to a café if you’re still hungry, 
and re-read this chapter in a relaxed ambience. 
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Sometimes, it is not immediately 
apparent how to write a Pie expression. 


That's right. Most keyboards, however, 
do not make it particularly easy to type 
empty boxes. 


Instead of typing empty boxes, it is 
possible to leave part of an expression to 
be written later using the TODO form. 


That’s what empty boxes are for, right? 


2 


What is TODO? 


TODO is an expression that is a 
placeholder for another expression. A 
TODO can have any type, and Pie keeps 
track of which TODOs have which types. 


Each TODO comes from somewhere 
specific. Here, we refer to them by frame 
number; when using Pie outside of a 
book, this will be somewhere else that is 
appropriate. 


Try typing 
(claim peas 
TODO) 


and see what happens. 


How can TODO be used? 


Pie responds with 

Frame 4:2.3: TODO: U 
and the TODO it’s mentioning is indeed a 
U on the second line and third column of 
an expression in frame 4. 


Now try 
(claim peas 
(Pi ((m Nat)) 
TODO) ) 
which is closer to the type for peas in 
chapter 7. 


' Pie responds with 
Frame 5:3.5: TODO: 
n: Nat 


but what does that horizontal line mean? 


One Piece at a Time 
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When Pie replies with the type that is * Then : Nat above the line means that 
expected for a TODO, it also includes the the variable n is a Nat. 

types of the variables that can be used at 

the TODO’s position. 


That's right. Pie replies with 
Frame 7:5.3: TODO: 
Now try (Il ((m Nat)) 
(claim peas (Vec Atom n)) 


(Pi ((m Nat)) 
(Vec Atom n))) 
(define peas 
TODO) 


where the TODO is in a definition. 


which is the type that was claimed. 


How does Pie respond when provided There will be a line for n above the 
with a \ around the TODO? horizontal line. 
(claim peas 
(Pi ((m Nat)) 
(Vec Atom n))) 


(define peas 
O (a) 
TODO) ) 
Try it and see. ” That’s what happened. 
Frame 8:6.5: TODO: 
n: Nat 


(Vec Atom n) 


What’s next? "The number of "peas depends on n, so 


ind-Nat is needed. 
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How does Pie respond to this version of 
peas? 
(claim peas 
(Pi ((m Nat)) 
(Vec Atom n))) 
(define peas 
O @) 
(ind-Nat n 
O Oy) 
(Vec Atom k)) 
TODO 
TODO) )) 


‘ Rach TODO has the type that would be 


expected by the Law of ind-Nat. 
Frame 11:9.7: TODO: 
n : Nat 


(Vec Atom 0) 


Frame 11:10.7: TODO: 
n: Nat 
(1 ((m-1 Nat)) 
(+ (Vec Atom n-1) 
(Vec Atom 
(addi n-1)))) 


How should the TODOs be replaced? 


Nicely chosen. How does Pie respond to 
this version? 
(claim peas 
(Pi ((n Nat)) 
(Vec Atom n))) 
(define peas 
O @) 
(ind-Nat n 
O (sr) 
(Vec Atom k)) 
vecnil 
 (n-1 peas-of-n-1) 
(vec:: TODO TODO))))) 


The first TODO should be a (Vec Atom 0), 
so vecnil is appropriate. The second TODO 
should be a two-argument function, built 
with \, that uses vec:: to add a "pea to 
n-l peas. 


The Law of vec:: determines the type of 


each TODO. 
Frame 13:11.16: TODO: 
n : Nat 
n-1 : Nat 


peas-of-n-1 : (Vec Atom n-1) 


Frame 13:11.21: TODO: 
n : Nat 
n-1 : Nat 
peas-of-n-1 : (Vec Atom n-1) 


(Vec Atom n-1) 
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Now replace the final TODOs. 
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“ Here is the final definition. 


(claim peas 
(Pi ((@m Nat)) 
(Vec Atom n))) 


(define peas 
QO (@) 
(ind-Nat n 
QO Ok) 
(Vec Atom k)) 
vecnil 
(\ (n-1 peas-of-n-1) 
(vec:: ‘pea 
peas-of-n-1))))) 
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Go eat a mushroom pot pie 
that contains n peas, 


one delicious bite at a time. 
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gor” all on 
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How was that mushroom pot pie? Delicious, though very filling. How about 
something less filling here’? 


How about a That should be manageable. 
(sandwich 'hoagie)? 


What is the normal form of (+ 1)? ~ Let's find out. 
Let’s start. " ‘The normal form needs a bit more work. 
1.] (+ (addi zero)) 3.| OG) 
2} 0) ao 
(iter-Nat (add1 zero) (iter-Nat zero 
J J 
step-+)) step-+))) 
This is the value. 4} (4G) 
(addi 
(iter-Nat zero 
J 
step-+))) 
5.) (\ G) 
(add! j)) 


Here is another definition. 


That’s just three steps. 


(claim iner 1.| (incr zero) 
ps 2.| (iter-Nat zero 
1 
(define incr (+ 1)) 


3.| 1 
It is 1, also known as (add1 zero). 


What is the normal form of (incr 0)? 
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What is the normal form of (incr 3)? * ‘That normal form takes a few more 
steps. The first steps are to find the 
value. 


(iter-Nat 3 


(iter-Nat 2 
A 
(+ 1))) 
(add1 
(iter-Nat 2 
1 
(+ 1))) 


That is indeed the value. But what is the * The normal form is 4. 


normal form? Here's a few more steps. 6.| (addi 
4.| (add (add1 
(+1 (+1 
(iter-Nat (add1 zero) (iter-Nat zero 
1 a 
(+ 1)))) (+ 1))))) 
5.| (add 7.| (add 
(addi (add1 
(iter-Nat (add1 zero) (add1 
1 (iter-Nat zero 
(+ 1)))) 1 
(+ 1))))) 
8.]| (add1 
(add1 
(add1 
1))) 
What is the relationship between : They both find the same answer, no 
(+ 1) matter what the argument is. 
and 
incr? 
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Does this mean that (+ 1) is the same They are the same if they have the same 
(—> Nat normal form. 
Nat) P 
ae The normal form of (+ 1) is 
as incr? 
(d (n) 
(add1 n)), 
while the normal form of incr is 
(x (n) 
(iter-Nat n 
af 
AG 
(add j)))). 
They are not the same. 
That’s right. “ But isn’t sameness a judgment, not a 
type? 
Even though they are not the same, the 
fact that they always find the same 
answer can be written as a type. 
Sameness is indeed a judgment. But, "Another sandwich? 
with a new type constructor, types can 
express a new idea called equality. Okay. 
Writing 
“incr and (+ 1) always find the same 
answer.” 


as a type is hungry work. You'd better 
have this 


(sandwich "grinder) 
to keep your energy up. 
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An expression Is this another way to construct a 
(= X from to) dependent type? 
is a type if 
X 
is a type, 
from 
is an X, and 
to 
is an X. 
The Law of = 
An expression 
(= X from to) 
is a type if X is a type, from is an X, and to is an X. 
Yes, = is another way to construct a = Okay. 


dependent type, because from and to 
need not be types. 


Because from and to are convenient 
names, the corresponding parts of an 
=-expression are called the FROM and 
the To. 


Reading FROM and TO as Nouns 


Because from and to are convenient names, the corre- 
sponding parts of an =-expression are referred to as the 
FROM and the To. 
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Is ‘ Yes, because Atom is a type and both 
(= Atom "kale 'blackberries) ‘kale and ‘blackberries are Atoms. 

a type? 

Is si Yes, because Nat is a type and both 
(= Nat (4+ 11) 2)f (+ 1 1) and 2 are Nats. 

a type? 


tThank you, Alfred North Whitehead (1861- 
1947) and again Bertrand Russell. Page 379 of Prin- 
cipia Mathematica, their 3-volume work published 
respectively, in 1910, 1912, and 1913, states, “From 
this proposition it will follow, when arithmetical ad- 
dition has been defined, that 1+ 1 = 2.” 


16 


Is Yes, it is, because 
(= (car (cons Nat 'kale)) (car (cons Nat 'kale)) 
7 and Nat are the same type, and the 
(+ 14 3)) FROM and the TO are both Nats. 
a type? 
Is : Yes, it is. Frame 12 requires only that 
(= (car (cons Nat 'kale)) the FROM and the TO are Nats, not that 
15 they are the same Nat. 
+143 
( ») But what is the purpose of =? 
a type? 


To understand =, it is first necessary to 
gain a new perspective on types. 


Types can be read as statements.t 


}Thank you Robert Feys (1889-1961), Nicolaas 
Govert de Bruijn (1918-2012), and again Haskell 
B. Curry. Thanks William Alvin Howard (1926-). 
Statements are sometimes called propositions. 


How can 
(= Atom "apple ‘apple) 
be read as a statement? 
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The type Does 
(= Atom ‘apple 'apple) “Two plus two equals four” 
can be read: make sense? 


“The expressions ‘apple and ‘apple are 
equal Atoms.” 
How can 

(= Nat (+ 2 2) 4) 
be read as a statement? 


Yes, it does. In what way do 
“Three plus four equals seven” 
and 
(+ 3 4) is the same Nat as 7 
differ? 
The statement ” Here's a judgment: 
“Three plus four equals seven” “Three plus four equals seven” is a 
is another way of writing the type type. 
(= Nat (+ 3 4) 7), 
which is an expression, but 
(+ 3 4) is the same Nat as 7 
is a judgment about expressions. 
Frame 1:12 describes judgments. A 
judgment is not an expression—rather, a 
judgment is an attitude that a person 
takes when thinking about expressions. 
Well-spotted. * What are some others? 


=-expressions are not the only types that 
can be read as statements. 
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A [expression can be read as “for 
every.” Consider this example, 
(1) ((n Nat)) 
(= Nat (+ 1 n) (add1 n))) 
can be read as 


“For every Nat n, (+ 1 7) equals 
(add1 n).” 


m Okay. But what is the point of reading 
types as statements? 


If a type can be read as a statement, 
then judging the statement to be true 
means that there is an expression with 
that type. So, saying 


“(4 0) and n are equal Nats.” 
means 
“There is an expression with type 
(= Nat (+ 70) n).” 


*“ Does this mean that truth requires 
evidence? 


It goes further. Truth means that we 
have evidence.’ This evidence is called a 
proof. 

iThank you, BHK: L. E. J. Brouwer (1881- 


1966), Arend Heyting (1898-1980), and Andrey Kol- 
mogorov (1903-1987). 


In principle, they could be, but many 
types would be very uninteresting as 
statements. 


A person does, by being interested in it. 
But most interesting statements come 
from dependent types. Nat is not an 
interesting statement because it is too 
easy to prove, 


” Can every type be read as a statement? 


* What makes a statement interesting? 


” How can Nat be proved? 
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28 


Pick a number, any number. Okay, 
15. 
Good job. You have a proof. ” ‘That isn’t very interesting. 
Right. ” That explains it. 
Another way to think about statements : Having seen a claim, it makes sense to 
is as an expectation of a proof, or as a expect a definition. 


problem to be solved. 


: : * > . 
Frame 12 describes when an =-expression —__ Here, “values” means the same thing as 


is a type, but it says nothing about what “proofs,” right? 
the values of such a type are. 


Exactly right. How is same used? 


There is only one constructor for =, and 
it is called same. same takes one 
argument. 


The expression “What is an example of this? 


(same e) 
is an 

(=X ee) 
if eis an X. 


The Law of same 


The expression (same e) is an (= X ¢ e) if e is an X. 
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The expression * ‘Phat doesn’t seem right. 
; fpaineray) In frame 34, same’s argument as well as 
Ieee the FROM and TO arguments of = have 
(= Nat (+ 17 4) (+ 11 10)). to be identical, but here, 21, 
(+ 17 4) 
and 
(+ 11 10) 
look rather different. 
Both “ Does this mean that 
(+ 17 4) (same (incr 3)) 
and is an 
(+ 11 10) (= Nat (+ 2 2) 4)? 
are the same Nat as 21, so they are the 
same. 
Yes, i Why is this so important? 


(same (incr 3)) 
is a proof of 
(= Nat (+ 2 2) 4). 


The Law of same uses e twice to require 


that 


the FROM is the same X as the To. 


With the type constructor = and its 
constructor same, expressions can now 
state ideas that previously could only be 


judged.t 


1 Creating expressions that capture the ideas be- 
hind a form of judgment is sometimes called inter- 


nalizing the form of judgment. 
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Expressions can be used together with 
other expressions. 


By combining N with =, we can write 
statements that are true for arbitrary 
Nats, while we could only make 
judgments about particular Nats. Here’s 
an example: 


(claim +1=add1 
(1 ((n Nat)) 
(= Nat (+ 1 n) (addi n)))) 


That’s a solid start. What goes in the 
box? 


oe 


The definition of +1=add1 clearly has a \ 
at the top because its type has a N at 
the top. 


| (define +1=add1 
1 (d(n) 


Following the Law of ), 
(= Nat (+ 1 n) (add1 n)) 


is the type of the body of the 
d-expression. 


Right, the box should contain an 
(= Nat (+ 1 n) (add1 n)). 


What is the normal form of the box’s 
type? 


That's right. 


Now finish the definition. 


The normal form of the box’s type is 
(= Nat (addi n) (addi n)) 

because the normal form of 
(+1) 

is 


(add1 n). 


Okay, so the expression in the box in 
frame 38 is 


(same (add1 n)). 


1 ae 
Here it is. 


(define +1=add1 
(d (n) 
(same (addi n)))) 


180 


Chapter 8 


prior permission, Violators will be prosecuted. 


What statement does +1=add1 prove? 


Here is another statement. 


“For every Nat n, (incr n) is equal to 
(add1 n).” 


Translate it to a type. 


2 


3 


The statement is 


“For every Nat n, (+ 1 n) equals 
(addi n).” 


Let’s call it incr=add1. 


(claim incr=add1 
(11 ((a Nat)) 
(= Nat (iner n) (add1 n)))) 


Now define incr=add1. 


Isn't it just like +1=add1? 
‘(define incr=addd SS 
(d (n) 


Not quite. What is the normal form of 
(incr n)? 


That's right. This normal form is 
neutral. 


What is a neutral expression? 


Why is 
(iter-Nat 7 
1 
(+ 1)) 


neutral? 


ry 


1.| (incr n) 

2.| (iter-Nat n 
1 
(+ 1)) 


The normal form is not the same Nat as 
(add1 n). 


Neutral expressions are described in 
frame 2:24 on page 39. 


Neutral expressions are those that 
cannot yet be evaluated. 


Because iter-Nat chooses the base when 
the target is zero, or the step when the 
target has add1 at the top. But 1 is 
neither. 
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A more precise way to define neutral - Okay. 
expressions is to start with the simplest 
neutral expressions and build from there. 


Variables are neutral, unless they refer to 
definitions, because a defined name is the 
same as its definition (see page 43). 


49 


Also, if the target of an eliminator So, 
expression is neutral, then the entire (iter-Nat n 
expression is neutral. 1 


(+ 1)) 
is neutral because iter-Nat is an 
eliminator and its target, n, is a variable. 


Is every expression that contains a 
variable neutral? 


Neutral Expressions 


Variables that are not defined are neutral. If the target of 
an eliminator expression is neutral, then the eliminator 
expression is neutral. 


No. ” But if the whole expression were just 
(add1 x), then it would be neutral 
The body of the }-expression because it would contain the neutral x. 
O () ' 
(add1 x)) Are neutral expressions normal? 


contains the variable x, but \-expressions 
are values, not neutral expressions. 
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Not always. 


Some types have ways of making neutral 
expressions into values, and in these 
cases, the neutral expression is not 
considered normal, because it can be 
made into a value. 


A neutral expression whose type has N 
at the top is not normal. This is because 
a neutral expression f is the same as 


(x) 
(fx), 


which is a value. 


Which types work this way? 


a Why does this mean that f is not 


normal? 


What does it mean for an expression to 
be normal? 


By the Second Commandment of \! on = 


page 140, f is the same as 
O (x) 
(fx); 


but they are not written identically. 


tCommandments such as this one are often 
called y- (pronounced “eta”) rules. These normal 
forms in which all possible y-rules have been applied 
to make values are called 7-long normal forms. 


The big box on page 13 states that if two 
expressions are the same, then they have 
identical normal forms. 


One is wrapped in a \, the other is not. 


At most one of them can be the normal” 


form. The one wrapped in } is the 
normal form. Because expressions with \ 
at the top are values, they are not 
neutral. Neutral expressions do not have 
a constructor at the top. 


Are there any others? 
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Yes. 


Because of the Second Commandment of 
cons from page 44, if pis a 

(Pair A D), 
then p is the same as 

(cons (car p) (cdr p)). 
For the very same reason, the only 
normal forms for pairs are expressions 
with cons at the top, so there are no 
neutral pairs that are normal. 


Where do neutral expressions come 
from? 


Neutral expressions, like (iner )’s 
normal form in frame 45, occur 
frequently when =-expressions mention 
argument names in [-expressions. 


How can we find a definition for 
incr=add1? same does not do the job, 
after all, and incr=add1’s type has a 
neutral expression in it. 


Judgments, like 

(incr n) is the same Nat as (add1 n), 
can be mechanically checked using 
relatively simple rules. This is why 
judgments are a suitable basis for 
knowledge. 


Expressions, however, can encode 
interesting patterns of reasoning, such as 
using induction to try each possibility for 
the variable in a neutral expression. 


Does this mean that induction can be 
used to prove that (incr n) and (add1 n) 
are equal, even though they are not the 
same? 
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Yes, using ind-Nat because the type 
depends on the target. 


' (define incr=add1 ' 
(» (n) ' 
(ind-Nat n f 
mot-incr=add1 ' 
base-incr=add1' 1 
step-incr=add1))) 


1 
1 
1 
' 
1 
' 
' 
' 
1 
' 


What is the type of base-incr=add1? 


tNames like base-incr=add1 should be read “the 
base for iner=add1,” not as “base-incr equals add1.” 


Now abstract over the constant zero in 
base-incr=add1’s type to define 
mot-incr=add1. 


Following the Law of ind-Nat, what is 
step-incr=add1's type? 


Use a dashed box for now. 


The base’s type in an ind-Nat-expression 
is the motive applied to zero. (incr zero) 
is not neutral, and its normal form is 
(add1 zero) as seen in frame 5, so it is 
the same Nat as (add1 zero). 


(claim base-incr=add1 

(= Nat (iner zero) (add1 zero))) 
(define base-incr=add1 

(same (add1 zero))) 


Each zero becomes k. 


(claim mot-incr=add1 
(— Nat 
U)) 
(define mot-incr=add1 
(X (k) 
(= Nat (incr k) (addi k)))) 


* Tt is found using mot-incr=add1. But 


why is it in a dashed box? 


(claim step-incr=add1 
(A ((n-t Nat)) 
(> (mot-incr=add1 17-1) 
(mot-incr=add1 (add1 n-1))))) 


Solid boxes are used when the final 
version of a claim or definition is ready. 
Even though this is the correct type, it 
can be written in a way that is easier to 
understand. 


* What is that easier way of writing it? 
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Here is another way to write * Why is that the same type? 
step-incr=add1’s type. 
| (claim step-incr=add1 
| (M1 ((n-t Nat)) 
(—> (= Nat 
(incr n-1) 
(addi n-1)) 
(= Nat 
(iner 
(add1 n-1)) 
(add1 


(add1 n-1)))))) 


1 
' 
1 
1 
' 
' 
' 
1 
' 
1 
' 
' 
1 
1 
' 
1 


Because The value is 
(mot-incr=add1 n-1) (= Nat 
and (iner 
(= Nat (addi n-1)) 
(iner n-1) (add1 
(add1 n-L)) (add1 n-1))), 
are the same type.! which is the other type in the 


—-expression in frame 63. 
What is the value of 


(mot-incr=add1 (add1 n-1))? 


This uses the fourth form of judgment. 


How can that type be read as a Hard to say. 

statement? 
How can —-expressions be read as 
statements? 
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The expression 

(3 xX 

Y) 

can be read as the statement, 

“if X, then Y.” 
This works because its values are total 
functions that transform any proof of X 
into a proof of Y. 


Here goes, 


The step’s type is a N-expression, which 
means that the statement starts with 
“every.” After that is an —, which can 
be read as “if” and “then.” And = can be 
read as “equals.” 


The expression 
(> Xx 
Y) 


“if X then Y.” 


“Tf” and “Then” as Types 


can be read as the statement, 


How can step-incr=add1’s type be read as 
a statement? 


 s. 
“For every Nat n, 


if 

(incr n) equals (add1 n), 
then 

(iner (add n)) 
equals 

(add1 (add1 n)).” 


Pick a Number, Any Number 


187 


prior permission. Violators will be prosecuted. 


Unlike previous statements, to prove this ” ‘Phe iter-Nat gets stuck on n-l, but an 


statement, we must observe something 
about incr. 


What is the normal form of 
(iner 
(add1 n-t))? 


In other words, 
(iner 
(add1 n-1)) 
is the same Nat as 
(add1 
(incr n-1)) 
because (incr n-1) is the same Nat as 
(iter-Nat n-l 
1 


(> (x) 
(add1 x))). 


This is the observation. 


9 


add1 does make it to the top. 
1.) (incr 
(add1 n-1)) 
(iter-Nat (add1 n-1) 
1 
(+ 1)) 
3] (+1 
(iter-Nat n-1 
a 
(+ 1))) 
4.) (addi 
(iter-Nat 1-1 
i 
(+ 1))) 
(addi 
(iter-Nat n-1 


i) 


on 


1 
( (x) 
(addi x)))) 


Okay, so the type of step-incr=add1 can 
also be written this way. There is a gray 
box around the part that is different 
from the version in frame 63. 


(claim step-incr=add1 
(Nl ((n-t Nat)) 
(—> (= Nat 
(iner n-1) 
(add1 n-1)) 
(= Nat 
(add1 
(iner 
(add1 
(add1 n-1)))))) 
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The box is now solid because it is easy to a Okay. But how can it be made true with 
see why this type makes sense. If two a proof? 

Nats are equal, then one greater than 

both of them are also equal. 


Observation about incr 
No matter which Nat n is, 
(incr (add1 n)) 


is the same Nat as 
(add1 (incr n)). 


Here’s the start of a definition of The almost-proof for n-1 is an 
step-incr=add1. (= Nat 
Hewwictanine=sdd!  ### 1 (incr n-1) 
(y (n-t) ‘ (add1 n-1)). 
(\ (iner=add1y,3) | What can be used in the white box to 
' 


Fannie ))) turn an almost-proof into a proof of 
(= Nat 
(add1 
(incr n-1)) 
(add1 
(add1 n-1)))? 


cong! is an eliminator for = that is What is a cong-expression? 
useful here. 


Short for “congruence.” 


First things first. It’s time to sit back Another sandwich? 
and have a 


(sandwich 'submarine). This is a bit too much to eat. 


Pick a Number, Any Number 189 


prior permission, Violators will be prosecuted. 


Returning to the problem at hand, "Is there another way to look at cong? 
(cong target f) 


is used to transform both expressions 
that target equates using f. 


If f is an 

(7X 

Y) 

and target is an 

(= X from to), 
then 

(cong target f) 
is an 


(= Y (f from) (f to)). 


This diagram shows how cong is used. ” How can cong be used to complete the 
definition of step-incr=add1? 


X | (= X from to ) 


Zz (cong Sf) 


(f from) (f to) ) 


he 
a 
" 
< 


The Law of cong 


and target is an (= X from to), 
then (cong target f) is an (= Y (f from) (f to)). 
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In this case, X is Nat, Y is Nat, and incr=add1p’s type is 
target is incr=add1,.. (= Nat (incr n-l) (add1 n-1)), 


What are from and to? so from. is (iner n-1) and to is (add1 n-1). 


What function f transforms In each case, an add1 is added to the top. 
(incr n-1) into (add1 (incr n-1)) How about using add1 for f? 
and 


(add1 n-1) into (add1 (add1 n-2))? 


add1 is a constructor, but it is not an “ How about using incr for f? 
expression when it is not used as the top 
of a Nat tucked under it. 


An add1-expression must have an 
argument. 


While incr does indeed add one to its ” How about using (+ 1) for f? 
argument, it does not result in an add1 

immediately when its argument is 

neutral. 


An excellent choice. There is now an Okay. 
expression for the white box. 


“(cong incr=add1,,1 | (+ 1)) 


(define step-incr=add1 
(d (n-1) 
(X (incr=add1),1) 
(cong incr=add1,, (+ 1))))) 
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It is now possible to define incr=add1. 


1 
The motive, the base, and the step are 


now defined, so the previous definition of 
incr=add1 in frame 59 is now solid. 


(define incr=add1 
(d (n) 

(ind-Nat n 
mot-incr=add1 
base-incr=add1 
step-incr=add1) ) ) 


It’s time for another sandwich: 
(sandwich 'hero). 
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Another one! 


Yes, another one. 


Why is ind-Nat needed in the definition 
of incr=add1, but not in the definition of 
+1=add1? 


Neutral expressions are those that 
cannot yet be evaluated, but replacing 
their variables with values could allow 
evaluation. 


What is the type of 
(incr=add1 2)? 


83 


oy 


Because the normal form of (incr n) is 
the neutral expression in frame 45, but 
based on the definition of +, the normal 
form of (+ 1 n) is (add1 n). 


‘The expression 
(incr=add1 2) 
is an 


(= Nat (iner 2) (add1 2)). 


Tn other words, it is an 
(= Nat 3 3) 
because (incr 2) is not neutral. 
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What is the normal form of 
(incr=add1 2)? 


How is a cong-expression evaluated? 


” Here's the start of the chart. 
hs 


2. 


(incr=add1 2) 

(ind-Nat (add1 1) 
mot-incr=add1 
base-incr=add1 
step-incr=add1) 

(step-incr=add1 1 
(ind-Nat 1 

mot-incr=add1 
base-incr=add1 
step-incr=add1)) 

(cong (ind-Nat (add1 0) 

mot-incr=add1 

base-incr=add1 

step-incr=add1) 
(+ 1)) 


Like other eliminators, the first step in 
evaluating a cong-expression is to 
evaluate its target. If the target is 
neutral, the whole cong-expression is 
neutral, and thus there is no more 
evaluation. 


86 
What if the target is not neutral? 


If the target is not neutral, then its value 
has same at the top because same is the 
only constructor for =-expressions. 


The value of 

(cong (same 2) f) 
is 

(same (f 2)). 


. Okay, the next step in finding the normal 


form is to find the value of cong’s target. 
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ind-Nat’s target has add1 at the top, so 
the next step is to use the step. 
5. | (cong (step-incr=add1 0 
(ind-Nat zero 
mot-incr=add1 
base-incr=add1 
step-incr=add1)) 
(+1) 


ss 


The next ind-Nat’s target is zero. 


6. 


il. 


(cong (cong base-incr=add1 
(+ 1)) 
(+ 1)) 
(cong (cong (same (add1 zero)) 
(+ 1)) 
(+ 1)) 
(cong (same ((+ 1) (add1 zero))) 
(+ 1)) 
(cong (same (add1 (add1 zero))) 
(+ 1)) 
(same 
((+ 1) 
(add1 
(add1 zero)))) 
(same 
(add1 
(add1 
(addi zero)))) 


If «is an X, and f/ is an 
(> X 
¥), 


(= Y Ff 2) (2) 


as 


(same (f 2)). 


The Commandment of cong 


then (cong (same z) f) is the same 
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The interplay between judging sameness But what about my stomach? There’s 
and stating equality is at the heart of really only space for one sandwich. 
working with dependent types. This first 

taste only scratches the surface. 


Today’s your lucky day! Oh, what a relief! There és just one 
sandwich: 


(claim sandwich 7 
(same 'delicious) 


(— Atom 
Atom)) is a proof that 
(define sandwich (sandwich 'hoagie), 
(\ (which-sandwich) (sandwich 'grinder), 


"delicious) ) 


(sandwich 'submarine), and 
(sandwich ‘hero), 


are all equal. 


Enjoy your sandwich, but 
if you’re full, wrap it up for later. 


This page makes an excellent sandwich wrapper. 
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In chapter 8, there is only one eliminator 
for =, called cong. 


But cong has one key limitation. 


What is the type of a cong-expression? 


What is that? 


: By the Law of cong, if target is an 


(= X from to) 
and f is an 


(Ax 
Y), 


then 
(cong target f) 
is an 


(= Y (f from) (f to)). 


That's right. 


How is this different from eliminators 
such as ind-Nat? 


An ind-Nat-expression can have any 
type—it all depends on the motive. But 
a cong-expression’s type always has = at 
the top. 


cong is a special-purpose eliminator. But 
there is also a more general eliminator, 
called replace. 


If two expressions are equal, then 
whatever is true for one is true for the 
other. We call this principle Leibniz’s 
Law.' 

'Leibniz’s Law is also used to refer to the prin- 
ciple that if whatever is true for one is true for the 


other, then they are equal. Thank you, Gottfried 
Wilhelm Leibniz (1646-1716). 


What does replace mean? 


"What does this have to do with replace? 


Double Your Money, Get Twice as Much 
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replace is more powerful than cong 
because any use of cong can be rewritten 
to a use of replace, just as any use of 
which-Nat, iter-Nat, or rec-Nat can be 
rewritten to a use of ind-Nat. 


How does replace differ from cong? 


Like cong, replace’s target is an 
(= X from to). 


Unlike cong, however, replace has a 
motive and a base. 


That is how the motive works in ind-Nat, 
but not in replace. 


In replace, the motive explains what is 
true for both expressions in Leibniz’s 
Law. It is an 
(x 
u) 
because it explains how to find a YU (and 
therefore a statement) from an X. 


The base is evidence that (mot from) is 
true. That is, the base’s type is 
(mot from). 


Is a replace-expression’s type determined 
by applying the motive to the target’? 


* What about the base? 


* “What about the whole 


replace-expression? 


The whole replace-expression is evidence 
that (mot to) is true. In other words, its 
type is 


(mot to). 


* ie replace replaces from with to. 


Take a look at step-incr=add1 in 
frame 8:80 on page 191. 


Okay. It is defined using cong. 
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If target is an 
(= X from to), 
mot is an 


and base is a 
(mot from) 
then 


(replace target 
mot 
base) 
isa 
(mot to). 


The Law of replace 


That's right. 
But it could also be defined using replace. 


What is the claim again? 


: Using the observation about iner in 


frame 8:68, the add1 is already on the 
outside of the incr as if it were ready for 
cong. 


(claim step-incr=add1 
(Fl ((n-t Nat)) 
(> (= Nat 
(iner n-1) 
(add1 n-1)) 
(= Nat 
(add1 
(iner n-1)) 
(add1 
(addi n-1)))))) 
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Here is the start of a definition using 
replace. 
| (define step-incr=add1 
(d (n-l) 
(\ (incr=add1p2) 
(replace incr=add1).1 


The target is incr=add1,;, which is the 
only available proof of equality here. 


To find the motive, examine the 
replace-expression’s type. 


Look for the TO of the target’s type. 


= The target, incr=add1p1, is an 
(= Nat 
(incr n-1) 
(add1 n-l)). 
The whole replace-expression should be 
an 
(= Nat 
(add1 
(incr n-1)) 
(add1 
(add1 n-1))). 


"The To is (add1 n-1), which is certainly 
in the replace-expression’s type. 


(= Nat 
(add1 
(incr n-1)) 
(addi 
(add1 n-1) |)) 


The motive is used to find the types of 
both the base and the whole 
replace-expression. The base’s type is 
found by placing the target’s type’s 
FROM in the gray box, while the entire 
expression’s type is found by placing the 
target's type’s TO in the gray box. 
(= Nat 

(add1 

(incr n-1)) 
(add1 


15 
An expression that is missing a piece can 
be written as a \-expression. 
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To find the motive, abstract over the TO 
of the target’s type with a. 


The base’s type is found by applying the 
motive to the FROM of the target’s type. 
So, in this case, it is 
(0 (k) 
(= Nat 
(add1 
(incr n-L)) 
(add1 
k))) 
(iner n-1)) 
2.) (= Nat 
(add 
(incr n-1)) 
(add 
(incr n-1))) 


~ 


Double Your Money, Get Twice as Much 


* That gives this expression: 


(» (k) 
(= Nat 
(add1 
(incr n-1)) 
(add1 
k))). 


But if replace replaces the FROM with 
the TO, why should we abstract over the 
TO, rather than the FROM? 


7 Applying the motive to an argument is 


like filling in the gray box. 


(= Nat 
(add1 
(incr n-1)) 


(add1 
(incr n-1) 
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Now that we know the base’s type, what " ‘The base is 
is the base? (same 


(addi 
(incr n-1))), 
and leads to 


' (define step-incr=add1 
(X (n-1) 

(X (incr=add1,7) 
(replace incr=add1,,4 
i) 

i) 


(same (add1 (iner n-1))))))) 


Now define the motive. The motive takes n-1 as an argument, 
just as step-* takes j as an argument. 


(claim mot-step-incr=add1 
(— Nat Nat 
U)) 
(define mot-step-incr=add1 
(X (n-l k) 
(= Nat 
(add1 
(incr n-l)) 
(add1 
k)))) 


Finally, complete the definition from ” Because step-incr=add1 is already defined 
frame 17. in chapter 8, this remains in a dashed 
box. 


1 (d (n-2) 

| (A (iner=add 12) 
| (replace incr=add1),1 

\ (mot-step-incr=add1 n-1) 

f (same (add1 (incr n-1))))))) 


a aS pao eae el 
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Yes, only one definition for each claim. 


Now, define double to be a function that 
replaces each add1 in a Nat with two 
addls. 


(claim double 
(—> Nat 
Nat)) 


(double n) is twice as big as n. What is 
another function that finds the same 
answer? Call it twice. 


(claim twice 
(— Nat 
Nat)) 


It happens to be the case that, 


“For every Nat n, (twice n) equals 
(double n).” 


How can this statement be written as a 
type? 


Very perceptive. 


Why is this claim true? 


” This is a job for iter-Nat. The step is 
(+ 2) because the normal form of (+ 2) is 
(» @) 
(add1 
(add1 j))). 


(define double 
(d (n) 
(iter-Nat n 
0 
(+ 2)))) 


* How about this? 
(define twice 
(x (”) 
(+ 1n))) 


” Because this statement is likely to get a 
proof, it gets a name. 


(claim twice=double 
(1 ((n Nat)) 
(= Nat (twice n) (double n)))) 


. Every Nat value is either zero or has 
add1 at the top. Both (twice zero) and 
(double zero) are zero. 
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What about add1? For add1, 
(twice (add1 n-1)) 
is the same Nat as 
(+ (add1 n-1) (add1 n-1)), 
but 
(double (add1 n-1)) 
is the same Nat as 
(add1 (add1 (double n-1))). 


26 


Is No, it isn’t. 
(+ (add1 n-1) (addi n-t)) 
the same Nat as 
(add1 (add1 (+ n-l n-l)))? 


But surely they must be equal. 


aT 


That's right. Right, because only the first argument is 
the target of iter-Nat in +’s definition. 

To prove twice=double, an extra proof is 

needed. While an add1 around +’s first 

argument can be moved above +, an 

add1 around +’s second argument cannot 

be—at least not without a proof. 


Even though They are not the same, but one can be 
(+ n (add1 j)) replaced with the other. 


is not the same Nat as 
(add (+ n j)), 
they are equal Nats. 
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The statement to be proved is ” Phis looks like a job for ind-Nat. 
add1+=+add1. Worr- croc c+ r+ 2-2 ---------- 1 
i (define add1+=+add1 ! 
(claim add1+=+add1 | (\(nj) ' 
(N ((n Nat) | (ind-Nat n t 
G Nat)) i (mot-add1+=+add1 j) 1 
(= Nat ; (same (add1 /)) 


(addl (+ 1 J)) (step-add1+=+add1 /)))) 
(+n (addt 4))))) lessen paeesnirennent retinal 
The motive and the step both need Jj, 


just like step-*. The base is 
(same (add1 j)). 


Why is the base ’ Because 
(same (add1 /))? (add1 (+ zero j)) 
is the same Nat as 
(add1 j) 
and 


(+ zero (add1 j)) 
is also the same Nat as 
(addi j). 


What is mot-add1+=+add1? It is the type of the ind-Nat-expression, 
abstracted over the target. In other 
words, every occurrence of nin the claim 
add1+=+add1 becomes k. 


(claim mot-add1+=+add1 
(— Nat Nat 
u)) 
(define mot-add1+=+add1 
(\ Gk) 
(= Nat 
(add1 (+ k j)) 
(+ k (add1 J))))) 
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Here is step-add1+=+add1’s type. 


(claim step-add1+=+add1 
(Nl (G Nat) 
(n-1 Nat)) 
(— (mot-add1+=+add1 j 
n-l) 
(mot-add1+=+add1 j 
(addi n-1))))) 


What is a more explicit way to write 


(mot-add1+=+add1 j 
(addl n-1))? 


a3 


Now define step-add1+=+add1. 


Applying mot-add1+=+add1 gives 
(= Nat 
(add1 (+ (addi n-1) j)) 
(+ (add1 n-t) (addi j))). 
That type and 
(= Nat 
(add1 (add1 (+ n-1J))) 
(add1 (+ n-1 (addi /)))) 
are the same type. This is because the 
first argument to + is the target of 
iter-Nat. 


It uses cong. 


(define step-add1+=+add1 
(4 (y m4) 
(\ (add1+=+add1,1) 
(cong addl+=+add1p4 
(+ 1))))) 


What role do cong and (+ 1) play in the 
definition? 


" add1+=tadd1y, is an 


(= Nat 
(add1 (+ n-t /)) 
(+ n-l (add1 j))), 
so using (+ 1) with cong wraps both the 
FROM and the TO with add1, which gives 
the type from frame 32. 
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The definition of add1+=+add1 now 
deserves a solid box because every name 
that it mentions is now defined. 


* Here it is. 
(define add1+=+add1 
(d (nj) 

(ind-Nat n 
(mot-add1+=+add1 /) 
(same (add1 j)) 
(step-add1+=+add1 j)))) 


Because of frame 35, it is true that, for 
all Nats n and j, 


(addl (+ nJ)) 
equals 
(+ n (add1 J). 


“ Right. 


This also means that 
(add1 (+ n-l n-l)) 
equals 
(+ n-l (add1 n-1)) 
because 7m and 7 can both be n-. 


What expression has the type 
(= Nat 
(add1 (+ n-1 n-l)) 
(+ n-l (add1 n-t)))? 


The expression 
(add1+=+add1 n-l n-l) 
is an 
(= Nat 
(add1 (+ n-t n-1)) 
(+ n-l (add1 n-1))). 


Now, use the fact that 
(+ n-l (add1 n-1)) 
equals 
(add1 (+ n-1 n-1)) 
to prove twice=double. 


The statement in frame 24 suggests an 
ind-Nat-expression. 


(define twice=double 
(x (n) 

(ind-Nat n 
mot-twice=double 
(same zero) 
step-twice=double) ) ) 
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What is mot-twice=double? 


” Tt follows the usual approach of 


abstracting over the target. 


(claim mot-twice=double 
(— Nat 
u)) 
(define mot-twice=double 
(n (k) 
(= Nat 
(twice k) 
(double k)))) 


What about step-twice=double? 


Here’s the beginning of the definition. 


(define step-twice=double 
(d (n-l) 
(\ (twice=double, 1) 


What is twice=double,.;’s type? 


ss step-twice=double’s type is built the 


same way as for every other step. 


(claim step-twice=double 
(1 ((n-t Nat)) 
(— (mot-twice=double n-1) 
(mot-twice=double (add1 n-1))))) 


' twice=doubley, is an 
(= Nat 
(twice n-1) 
(double n-1)). 
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The box’s type is Frame 24 explains why 
(= Nat (double (add1 n-1)) 
(twice (add1 n-l)) 

(double (add1 n-1))), 


is the same Nat as 
(add1 


and that type and (add1 (double n-1))). 
(= Nat 
(add1 Why is 
' a? (add1 n-l))) (twice (addi n-1)) 
a 
(add1. (double n-1)))) the same Nat as 
(add1 


the s t 2. 
saleable sa (4 nd (addi n-t)))? 


An observation about + comes in handy. This is very much like the observation 
No matter which Nats j and k are, about incr on page 189. 


(+ (addi 4) k) 
(iter-Nat (add1 j) 
k 


im > 


step-+) 
3.] (step-+ 
(iter-Nat 7 
k 
step-+)) 
4.) (add1 
(iter-Nat 7 
k 
step-+)) 
(add1 
(+ jk). 


o 
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(+ (addi j) k) 
is the same Nat as 
(add1 
(+ 7 4). 


Observation about + 


No matter which Nats j and k are, 


Using this observation about +, 
1.] (twice (add1 n-l)) 
2.) (4 (add1 n-1) (add1 n-1)) 
3. | (add 
(+ n-l (addi n-1))) 


Can cong do the job? 


It is not the same type, but it is nearly 
the same type. 


The expression 
(cong twice=double,. 
(+ 2)) 
is an 
(= Nat 
(add1 
(add1 (+ n-1 n-1))) 
(add1 
(add1 (double n-1)))), 


which is not the same type. 


Replacing 
(addl (+ n-t n-l)) 
with 
(+ n-l (add1 n-t)), 
in the type would do the trick. 


Because 
(addl (+ n-t n-t)) 
equals 
(+ n-l (add1 n-1)), 
replace can move the add1 from the 
second argument of + to the outside. 


Right, because replace is used when the 
type of something nearly fits, and the 
part that doesn’t is equal to something 
that would make it fit. 
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In this case, which part of the type of 


(cong twice=double, 1 
(+ 2)) 
fits? 


Now define the motive. 


mot-step-twice=double needs an extra 


argument, just like step-*. 


(claim mot-step-twice=double 
(—> Nat Nat 
4)) 


What is the target of the 
replace-expression? 


Everything but this gray box fits just 
fine. 


(= Nat 
(add1 


) 


(add1 
(add1 (double n-1)))) 


variable. 


* ‘The empty box becomes a )-expression’s 


(define mot-step-twice=double 
(d (n-1 k) 
(= Nat 
(add1 
k) 
(add1 
(add1 (double n-1)))))) 


9 : 
The expression 


(add1 (+ n-1 n-1)) 
should be replaced by 
(+ n-l (addi n-t)), 
so the target should be 
(add1+=+add1 n-l n-1). 


Here is the definition so far. 


' (define step-twice=double 
1 0d (nd) 
(\ (twice=double,1) 


(replace (add1+=+add1 n-i n-l) 
(mot-step-twice=double n-1) 


The base is the expression whose type is 


nearly right, which is 
(cong twice=double,,4 


(+ 2)). 
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What is the complete definition of The function that is one of the 
step-twice=double? arguments to cong is (+ 2). 


(define step-twice=double 
(\ (n-1) 
(& (twice=doubley1) 
(replace (add1+=+add1 n-I n-1) 
(mot-step-twice=double n-1) 
(cong twice=double,.; 


(+ 2))))) 
And, finally, twice=double deserves a * So far, the type of each 
solid box. replace-expression has = at the top. 


(define twice=double 
(s (n) 

(ind-Nat n 
mot-twice=double 
(same zero) 
step-twice=double) )) 
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Good point. replace is useful because by If a statement is true for every Nat, then 
writing an appropriate motive, it can it is true for 17. One way to prove it is 
have any type. to apply twice=double to 17. 

Find two proofs that, (define twice=double-of-17 


“(twice 17) equals (double 17).” (twicesdouble 17)) 


This is similar to twin-Atom in 


(claim twice=double-of-17 Frame dG. 


(= Nat (twice 17) (double 17))) 
(claim twice=double-of-17-again 
(= Nat (twice 17) (double 17))) 
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What's the other proof? 


In fact, (same 34) is even the value of 
twice=double-of-17. 


Define a function called twice-Vec that 
duplicates each entry in a Vec. For 
example, the normal form of 


(twice-Vec Atom 3 
(vec:: 'chocolate-chip 
(vec:: "oatmeal-raisin 
(vec:: 'vanilla-wafer 
vecnil)))) 
is 
(vec:: 'chocolate-chip 
(vec:: 'chocolate-chip 
(vec:: ‘oatmeal-raisin 
(vec:: 'oatmeal-raisin 
(vec:: "vanilla-wafer 
(vec:: 'vanilla-wafer 


vecnil)))))). 


“ (twice 17) is already the same Nat as 
(double 17), so same can also be used. 


(define twice=double-of-17-again 
(same 34)) 


* What should the type be? 


As the name suggests, the function 
makes a Vec with twice as many entries. 


(claim twice-Vec 
(1 (EU) 
(é Nat)) 
(— (Vec E é) 
(Vec E (twice £))))) 


‘This sounds difficult. 
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Why is that? 


Why is there only a single add1 at the 
top of the length? 


Here’s a more direct way to state the 
problem. 


(claim double-Vec 
(N (EU) 
(£ Nat)) 
(— (Vec E @) 
(Vec E (double £))))) 


" Because the type depends on a Nat, the 


function suggests using ind-Nat with a 
step that uses vec:: twice. 


To use vec::, the desired length must 
have add1 on top. The length of this Vec, 
however, will have only one addi on top. 


Based on observation about + from 
page 210, 


(twice (add1 n-1)) 
is the same 
Nat 
as 
(add1 (+ nt (add1 n-1))). 


That is easier to define with ind-Nat. 
Here’s the base. 


(claim base-double-Vec 
(N ((E U)) 
(— (Vec E zero) 
(Vec E (double zero))))) 
(define base-double-Vec 
(x (E) 
(A (es) 
vecnil))) 


That's right—doubling an empty Vec is 
still empty. What about the motive? 


” Tt can be found by abstracting over zero 


in the base’s type. 


(claim mot-double-Vec (define mot-double-Vec 
(— U Nat (\ (E k) 
U)) (— (Vec E k) 
(Vec E (double k))))) 
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How about the step? 


(claim step-double-Vec 
(N (EU) 
(€-1 Nat)) 
(> (- (Nec E €-1) 

(Vec E (double €-1))) 

(— (Vec E (addi ¢-1)) 

(Vec E 

(double (add1 €-1))))))) 


The step transforms a doubler for a Vec 
with ¢-1 entries into a doubler for a Vec 
with (add1 ¢-1) entries. And 
(double 
(add1 ¢-1)) 


is the same Nat as 


(add1 
(addi 
(double ¢-1))), 


so the two uses of vec:: are expected. 


(define step-double-Vec 
(\ (E €-1) 
(\ (double-Vecy.1) 
(x (es) 
(vec:: (head es) 
(vec:: (head es) 
(double-Vecp-1 
(tail es)))))))) 


What is the definition of double-Vec? 


Even though it is true that (double n) 
equals (twice n) for all Nats n, it is not 
equally easy to define dependent 
functions that use them. double-Vec is 
easy, while twice-Vec is not. 


"All of its parts are defined, so it deserves 


a solid box. 


(define double-Vec 
(d (E 2) 

(ind-Nat @ 
(mot-double-Vec EF) 
(base-double-Vec E) 
(step-double-Vec E)))) 


“That's right. 
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The proof that (double n) equals "That certainly saves a lot of effort. 
(twice n) for all Nats n can be used to 
define twice-Vec using double-Vec. 


Solve Easy Problems First 


If two functions produce equal results, then use the easier 
one when defining a dependent function, and then use 
replace to give it the desired type. 


The type of What about (twice=double £)? 
(double-Vec E ¢ es) 

is 
(Vec E (double €)). 

The (double ¢) needs to become (twice (). 


What is the target? 


(\ (E @) 
(\ (es) 5 
(replace 


(A (k) 
(Vec E k)) 
(double-Vec E ¢ es))))) 


That's very close, but “ Does this mean that we need to prove 
(twice=double ¢) double=twice now? 
is an 


(= Nat (twice £) (double £)), 


which has the TO and the FROM in the 
wrong order. 
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Luckily, that’s not necessary. Another .: Okay, it’s possible to define twice-Vec. 
special climinator for =, called symm\, 
fixes this problem. 


(define twice-Vec 


(d (E £) 
If target is an (r (es) ( 
replace (symm 
ee i Conic 0)) 
then (d (k) 
(symm target) (Vec E k)) 
is an (double-Vec E ¢ es))))) 


(= X to from). 


tShort for “symmetry.” 


r 


That's right. * Whew! 


The Law of symm 


If ¢ is an (= X from to), then (symm e) is an (= X to from). 


The Commandment of symm 


If zis an X, then 
(symm (same z)) 
is the same 
(= X.aix) 
as 
(same <r). 


Now go eat all the cookies you can find, 
and dust off your lists. 
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Before we get started, here are three 
more expectations, Have you... 


1. figured out why we need induction, 
2. understood ind-Nat, and 


3. built a function with induction? 


More expectations! Here are all the 
expectations from frame 5:2, together 
with these three new expectations. The 
expectations are to have 


e cooked ratatouille, 
e eaten two pieces of cherry pie, 


e tried to clean up with a 
non-napkin, 


e understood rec-Nat, and 

e slept until well-rested; as well as 

1. figured out why we need induction, 
2. understood ind-Nat, and 


3. built a function with induction. 


It seems that these lists are mismatched. 


The lists from chapter 5 don’t have 
obvious lengths, while these lists do. 


(claim more-expectations 
(Vec Atom 3)) 
(define more-expectations 
(vec:: 'need-induction 
(vec:: 'understood-induction 
(vec:: "built-function vecnil)))) 


No, it can’t. That is a job for 


vec-append, which is not yet defined. To 


use vec-append on a List, we must 
transform it into a Vec. 


* But append can’t mix a List and a Vec. 


But to build a Vec, don’t we need a 
number of entries? 
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There is another possibility. 


Previous definitions that used Vec 
accepted the number of entries as 
arguments. But with a new twist on an 
old type, it is possible to build the Vec 
and its length together. 


What does it mean for a value to be a 


* What is that new twist? 


‘A value is a (Pair A D) if 


(Pair A D)? 1. it has cons at the top, 
2. its car is an A, and 
3. its cdr is a D. 
If " When is 
(cons a d) (= ((x A)) 
isa D) 
(£1 (x A) a type 
D), 


then a’s type is A and d’s type is found 
by consistently replacing every x in D 
with a. 


TZ is pronounced “sigma;” also written Sigma. 
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The expression 


(= ((x A) 
D) 


is a type when 


1. A is a type, and 


2. Disa type if x is an At 


Is 
(X ((bread Atom)) 
(= Atom bread "bagel)) 


a type? 


tAnother way to say this is “D is a family of 
types over A.” This terminology is also used for the 


body of a M-expression. 


F Yes, because Atom is a type, and 
(= Atom bread 'bagel) 
is a type when bread is an Atom. 


What expression has the type 


(Z ((bread Atom)) 
(= Atom bread "bagel))? 


* How about (cons 'bagel (same 'bagel))? 


9 


U is a type, and A is certainly a type 
when A is aU. 
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The Law of © 
The expression 


(= ((x A)) 
D) 


is a type when A is a type, and D is a type if x is an A. 


The Commandment of cons 
If pisa 
(Z ((« A)) 
D), 
then p is the same as 
(cons (car p) (cdr p)). 


10 


Name three expressions that have that Nat is a UY and 4 is a Nat, so 
type. (cons Nat 4) 
isa 


(= ((AY)) 

A). 

Two more expressions with that type are 
(cons Atom "porridge), 

and 


(cons (—> Nat 
Nat) 
(+ 7)). 
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Is 


(cons "toast 
(same (:: ‘toast nil))) 


(2 ((food Atom)) 
(= (List Atom) 
(1: food nil) 

(:: "toast nil)))? 


Yes, it is, because consistently replacing 
food with ‘toast in 
(= (List Atom) 
(:: food nil) 
(:: "toast nil)) 
is 
(= (List Atom) 
(:: "toast nil) 
(:: "toast nil)), 
so (same (:: 'toast nil)) is acceptable. 


What is the relationship between = and 
Pair? 


(Pair A D) is a short way of writing 


(= ((x A)) 
D) 
where x is not used in D. 


aod 2 € . . 
This is similar to how some 


N-expressions can be written as 
—-expressions, from frame 6:40. 


How can © combine a number of entries 
with a Vec? 


Like this: 


(= ((€ Nat)) 
(Vec Atom @)). 


Here are seventeen "peas: 
(cons 17 (peas 17)). 


Now give another. 
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What values have that type? 


How about a nice breakfast? 


(cons 2 
(vec:: "toast-and-jam 
(vec:: 'tea vecnil))) 
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It’s good to start the day off right. * How can (Pair A D) be read as a 
statement? 

Types built with +, N, and = can be 

read as statements, and expressions of 

those types are proofs. Similarly, types 

built with Pair and © can be read as 


statements. 
+ . . 16 . 

A (Pair A D) consists of both evidence It is the statement 
for A and evidence for D, with cons at “2 equals 3 and ‘apple equals apple.” 
the top. This means that (Pair A D) can 
be read There is no evidence for this statement, 

“A and D” because there is no evidence for 
because to give evidence for an “and” is “2 equals 3.” 
to give evidence for both parts. and thus nothing to put. in the car. 
How can 


(Pair (= Nat 2 3) 
(= Atom ‘apple ‘apple)) 
be read as a statement? 


Evidence for " What does that mean for I's reading as 
(= ((x A)) a statement? 
D) 


is a pair whose car is an A and whose cdr 
is evidence for the statement found by 
consistently replacing each x in D with 
the car. 
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A &-expression can be read as 
“there exists.” 


For example, 
(= ((es (List Atom))) 
(= (List Atom) 
es 
(reverse Atom es))) 
can be read as 


“There exists a list of atoms that is 
equal to itself reversed.” 


18 
Is that statement even true? 


Here’s a proof: (cons nil (same nil)). 


Are there any other proofs? 


” Of course, because reversing the empty 
list is the empty list. 


Yes, many lists are equal forwards and 
backwards.’ Here is another proof: 


(cons (:: "bialy 


“(c: "bialy nil))))). 


These lists are called palindromes. 


How can this expression be read as a 
statement? 
(= ((es (List Atom))) 
(= (List Atom) 
(snoc Atom es 'grape) 
(:: "grape es))). 


21 


“There exists a list of atoms such that 
adding 'grape to the back or the front 
does the same thing.” 
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Now prove it. 


. Adding 'grape to the back or front of nil 


does the same thing: 


(cons nil 
(same (:: 'grape nil))). 


That’s a proof. 


Is there any other proof? 


23 


Any list of only 'grapes works. 


Here’s another one: 

(cons (:: "grape 
"grape 
"grape nil))) 
tt "grape 
(2: "grape 
i: "grape 

(:: "grape nil)))))). 

There’s no way to tell one 'grape from 
another, so front or back does not 
matter. 


Great job. 


What is the type of a function that 
transforms a List into a Vec? 


That’s correct, at least for now. 


Here is part of the definition. What goes 


in the box? 


u 


Won't list>vec’s type need to use L? 


‘(claim list vec 

| (Nl (EU) 

| (> (List E) 
' (= ((€ Nat)) 
\ (Vec E €))))) 


The expression in the box must check 
whether es is nil or has :: at the top. 


rec-List does that, and the target is es. 
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That's correct. . 


What is the base? 


Why is 
(cons 0 vecnil) 


(= ((€ Nat)) 
(Vec E €))? 


The base is the value when es is nil. 
That should clearly be vecnil, and vecnil 
has 0 entries. 


| (define list vec 
|” (x (E es) 

| (rec-List es 
(cons 0 vecnil) 
i) 


Because the car is a Nat, specifically 0, 
and the cdr is a (Vec E 0). 


step-list+ vec adds one entry to a 


(Z ((€ Nat)) 
(Vec E €)). 


What is the longer Vec’s type? 


A better type is 
(= ((é Nat)) 
(Vec E €)) 
because the point of using I is to have a 
pair whose car is the entire length of the 
cdr. Making the car larger does not 
change the type. 


Define the step. 


How about 


(& ((é Nat)) 
(Vec E (add1 4))), 


because the Vec is one entry longer? 


The type follows the usual approach for 
rec-List. 


| (claim step-list>vec 

1 (N ((EU)) 

|” (> E (List E) (E ((¢ Nat)) 
' (Vec E £)) 
| (E ((¢ Nat)) 

(Vec E £))))) 


To define step-list> vec, an eliminator for 
© is needed. Do car and cdr eliminate ©, 
too? 
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Yes. If pisa That is just like (Pair A D). 
( ((x A)) 
D), 
then (car p) is an A. 


But cdr is slightly different. If there is no x in D, then isn’t this the 


way Pair from chapter 1 works? 
Ifpisa 


(= ((2 A)) 
D), 


then (cdr p)’s type is D where every « has 
been consistently replaced with (car p). 


Indeed. (car p) is a Nat. 


If pisa 
(= ((€ Nat)) 
(Vec Atom @)), 
then what is (car p)’s type? 


If pisa (cdr p) is a (Vec Atom (car p)). 
= ((€ Nat 
( i te 0), So © is another way to construct a 


dependent type. 
then what is (cdr p)’s type? es PF 
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Here is step-list vec. * Here goes. 


| (define step-list vec 
(d (E) 
(0 (e es list+vec.s) 
(cons (add1 (car list+veces)) 
(vec:: e (cdr list>veces)))))) 2. The car of the inner \-expression’s 
SSeS ee 2 body is 
Please explain it. (add1 (car list-+veces)) 
because step-list>vec builds a Vec 
with one more entry than 
(cdr list veces). 


1. The body of the inner \-expression 
has cons at the top because it must 
construct a L. 


3. The cdr of the inner \-expression’s 
body has one more entry than the 
cdr of list>vece;, namely e. vec:: 
adds this new entry. 


(cons 0 vecnil) 
(step-listvec E))))) 


Now, give a complete definition of ” ‘The box is filled with (step-list> vec E). 

list+vec. fee Seas ere aes 30 ‘ 
i (define list vec : 
, (BE 
1 (d (es) H 
(rec-List es 


How might this version of list+vec be This list+vec converts a list into a pair 
summarized? where the car is the length of the list and 
the cdr is a Vec with that many entries. 


For nil, the length is 0 and the Vec is 
vecnil. For ::, the length is one greater 
than the length of the converted rest of 
the list, and vec:: adds the same entry 
that ;; added. 
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What is the value of 
(list> vec Atom 
(:: "beans 
(:: "tomato nil)))? 


87 


Let’s see. 


i. 


(list>vec Atom 
(2: "beans 


G 


: "tomato nil))) 


(rec-List (:: 'beans 


(:: "tomato nil)) 


(cons 0 vecnil) 
(step-list+vec Atom)) 
(step-list> vec Atom 

"beans 

(:: "tomato nil) 

(rec-List (:: "tomato nil) 
(cons 0 vecnil) 
(step-list+vec Atom))) 


(cons 


(add1 
(car 


(rec-List (:: "tomato nil) 
(cons 0 vecnil) 
(step-list> vec Atom)))) 


(vec:: 'beans 
(cdr 


(rec-List (:: "tomato nil) 
(cons 0 vecnil) 
(step-list> vec Atom))))) 


What is the normal form? The “same-as” ” The normal form is 
(cons 2 


chart can be skipped. 


(vec: 


(vec:: "beans 
: ‘tomato vecnil))). 


The definition of list+vec is in a dashed 
box. 


Why? 


” "That means that there is something the 


matter with it? 
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The type given for list+vec is not specific ” But this definition is correct, isn’t it? 
enough. The starting expression 
(2: "beans 
(:: "tomato nil)) 
appears to be the expected normal form. 
Here it is with its length: 


The whole point of Vec is to keep track 
of how many entries are in a list, but 
wrapping it in a © hides this information. 
In chapter 7, specific types were used to 
make functions total. But specific types (cons 2 
can also rule out foolish definitions. (vec:: "beans 

(vec:: 'tomato vecnil))). 


Use a Specific Type for Correctness 


Specific types can rule out foolish definitions. 


Here is a foolish definition that the type > Applying this list+vec to any type and 
of list+vec permits. any list yields (cons 0 vecnil). 


‘(define list+vec 
1 (d(E) 

(X (es) 

' (cons 0 vecnil)))) 


That’s correct. * list-+vec could be a function that always 


produces a Vec with 52 entries. 
What might another incorrect, yet still 


type-correct, definition be? 
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Almost. 


Can it produce 52 entries, each of which 
has type E, when es is nil? 


We don’t know ahead of time which U is 
to be the E that is the argument to the 
d-expression. So there is no way to find 
an entry with that type when es is nil. 


list+vec could be a function that 
produces a Vec with 52 entries when es 
has :: at the top, or 0 entries when es is 
nil, right? 


Yes, it could. 


Writing vec:: 52 times would be tiring, 
though. 


Good idea. Call it replicate. Just as with 
peas, the definition of replicate requires 
the use of ind-Nat. 


Why? 


A definition similar to peas would help 
with that. 


* "The definition of replicate requires the 


use of ind-Nat because, in replicate’s 
type. the Nat ¢ is the target. 


(claim replicate 
(N ((E U) 
(é Nat)) 
(OE 
(Vec E &)))) 


The body of the M-expression depends on 
£, and ind-Nat is used when a type 
depends on the target. 


Even though it is now time for breakfast, 
chapter 7 was not spent in vain! 


What is the base? 


6 . 
The base is a 


(Vec E 0), 
so it must be 


vecnil. 
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Here is mot-replicate’s type. 


(claim mot-replicate 
(3 U Nat 
Y)) 


Now define mot-replicate. 


The definition of mot-replicate follows a 
familiar approach, abstracting over zero 
as in frame 7:66. 


(define mot-replicate 
(x (Ek) 
(Vec E k))) 


The next step is to define step-replicate. 


Just as E is an argument to 
mot-replicate, both E and e are 
arguments to step-replicate. 


This is similar to the way step-»* is 
applied to j in frame 3:66. 


At each step, step-replicate should add 
an entry to the list. 


Where does that entry come from? 


“Here is step-replicate’s definition. 


(claim step-replicate 
(1 ((E U) 
(e E) 
(é-1 Nat)) 
(— (mot-replicate E ¢-1) 
(mot-replicate E (add1 f-1))))) 
(define step-replicate 
(y (E e &-1) 
(X (step-replicate,_,) 
(vec:: e step-replicate,_;)))) 


Now define replicate using the motive, 
the base, and the step. 


50 


‘The components are all available. 


(define replicate 
(\ (E 
(X (e) 
(ind-Nat @ 
(mot-replicate E) 
vecnil 
(step-replicate E e))))) 
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In frame 49, mot-replicate is applied to 
two arguments, but here, it is applied to 
one. Also, step-replicate is applied to 
four arguments, but here, it is applied to 
only two. 


Why? 


Every motive for ind-Nat has type 
(—> Nat 
U). 
Because of Currying, (mot-replicate E) 
has that type. 


Similarly, every step for ind-Nat is 
applied to two arguments. Because of 
Currying, applying the first two 
arguments to the four-argument 
step-replicate produces the expected 
two-argument function. 


replicate is intended to help write an 
alternative definition of list>vec that 
produces a Vec with 52 entries when es 
has :: at the top, or 0 entries when es is 
nil. 


2 


Here, cons in the definition of 
copy-52-times is the constructor of L, 
used to associate the length with the Vec. 


| (claim copy-52-times ‘ 
1; (1 ((EU)) H 
; <aeé ’ 
| (List E) ’ 
H (= ((é Nat)) { 
q (Vec E €)) ‘ 
(= ((¢ Nat)) H 
' (Vec E £))))) H 
(define copy-52-times i 
1 (d(E) ' 
' (A (e es copy-52-times,.) i; 
(cons 52 (replicate E 52 e))))) | 


(define list vec 
(d (E) 
(X (es) 
(rec-List es 
(cons 0 vecnil) 
(copy-52-times E))))) 
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The type can be made more specific by 
making clear the relationship between 
the List and the number of entries in the 
Vec. 


What is that relationship? 


The number of entries in the Vec is the 
length of the List. 


Exactly. Here is a more specific type. 


(claim flist+vec 

(N (EU) 
(es (List E))) 

(Vec E (length E es)))) 


How can list>vec be defined? 


Some of it should be predictable. 


What is the type of the box? 


Yes, the type of list+vec predicts some of 
list vec’s definition. 


' (define list vec i 
1 (d (E es) ' 


... but what goes here? )) 


The type of the box is the body of the 
l-expression in the type of list+vec, 
which is 

(Vec E (length E es)). 
If es were a Nat, then ind-Nat would 
work. But es is a (List E). 


Is there an ind-List? 


Good thinking. 


ind-Nat requires one more argument than 
rec-Nat, the motive. 


Does ind-List also need a motive? 
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ind-List requires one more argument than * What is that expression’s type? 


rec-List, and this argument is also a 
motive: 
(ind-List target 
mot 
base 


step). 


First, target is a (List F). 


Of course. 


Otherwise, ind-List would not be 
induction on List. 


Just as in ind-Nat, mot explains the 
reason for doing induction. In other 
words, it explains the manner in which 
the type of the ind-List-expression 
depends on target. 


What type should mot have? 


What type should base have? 


0 


6 


mot finds a type when applied to a list, 
so it is an 
(> (List B) 
U). 


base is a (mot nil) because nil plays the 
same role as zero. 


The constructor :; plays a role similar to 


add1, except :: has two arguments: an 
entry and a list. 


236 


62 
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that is similar to the step for ind-Nat? 
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Just like the step for ind-Nat transforms * Here, adding an entry e to es with :: 
an almost-answer for n into an answer like adding one with add1 in ind-Nat. 


for (add1 n), the step for ind-List takes 
an almost-answer for some list es and 
constructs an answer for (:: € es). 


step’s type is 
(1 ((e B) 
(es (List £))) 
(— (mot es) 
(mot (:: e es)))). 


is 


The Law of ind-List 


If target is a (List F), 
mot is an 


(> (List Z) 
U), 


base is a (mot nil), and step is a 
(N ((e B) 
(es (List £))) 
(— (mot es) 
(mot (:: e es)))) 
then 
(ind-List target 
mot 
base 
step) 
is a (mot target). 
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The First Commandment of ind-List 


The ind-List-expression 
(ind-List nil 
mot 
base 
step) 
is the same (mot nil) as base. 


The Second Commandment of ind-List 
The ind-List-expression 
(ind-List (:: e es) 
mot 
base 
step) 
is the same (mot (:: e es)) as 
(step e es 
(ind-List es 
mot 
base 


step)). 


Nat and List are closely related. "As expected. 


Thus, an ind-List-expression’s type is 


(mot target). 
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The box in frame 55 should be filled by 
an ind-List-expression. 


Could — have been used to write the 
NM-expression in the type of list+vec in 
frame 54? 


What is base-list+vec’s type? 


6 


The target is es. 


1 (\ (E es) 

| (ind-List es 
' mot-list> vec 

i base-list vec 

i step-listvec))) 


No, because the type 
(Vec E (length E es)) 
depends on both E and es. 


When es is nil, 
(Vec E (length E es)) 
and 
(Vec E 0) are the same type. 


What is the base, then? 


The only (Vec E 0) is vecnil, so there is 
no point in defining base-list+vec. 


| (define list vec 
| (\ (E es) 

| (ind-List es 
i mot-list> vec 

i vecnil 

\ step-list+vec))) 
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Now, working backwards from the type 
of the base, what is the motive? 


That is well-spotted. Abstracting over 
constants often works, but in this case, it 
requires a little fine-tuning with length. 


Here is mot-list+vec’s type. 


(claim mot-list> vec 
(1 (E U)) 
(> (List E) 


u))) 


Now define mot-list- vec. 


What is step-list>vec’s type? 


Now define step-list+ vec. 


Here it is. 


J Abstracting over the zero in the base 


does not immediately work because the 
argument to the motive is a (List E), not 
a Nat. 


But /ength transforms Lists into Nats, 
and appears in the body of the 
N-expression in list>vec’s type in 
frame 54. 


” Here is the definition of mot-list+vec. 


(define mot-list>vec 

(x (E) 
(X (es) 

(Vec E (length E es))))) 


For example, the value of 
(mot-list> vec Atom nil) 
is 
(Vec Atom 0), 


as expected. 


P ; 
No surprises here. 


(claim step-list>vec 
(N (EU) 
(e E) 
(es (List E))) 
(— (mot-list+vec E es) 
(mot-list+vec E (:: e es))))) 


(define step-list> vec 
(\ (E e€ es) 
(X (list veces) 
(vec:: e list vec.s)))) 
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What is the almost-answer list vec.;’s ” Tt is 
type? (mot-list> vec E es). 
Also, 
(mot-list+vec E es) 
and 


(Vec E (length E es)) 
are the same type. 


(length E es) is a Nat, even though it is ” ‘The normal form of (length E es) must 
neither zero nor does it have add1 at the be neutral because the target of rec-List 
top. in length is es, which is a variable. 
What is the type of ” list+ VeCes’s type is 

(vec:: e list-veCes)? (Vec E (length E es)) 


so the type of 
(vec:: e list-rveces) 
is 
(Vec E (add1 (length E es))). 


76 


Why are Because all these expressions are the 
(Vec E (add1 (length E es))) same type. 

and 1. | (mot-listvec E (:: e es)) 
(mot-list> vec E (:: e es)) 2.|(Vec E (length E (:: e es))) 

the same type? 3.|(Vec E (addi (length E es))) 
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Now define list vec. " list+vec finally deserves a solid box. 


(define list vec 
(d (E es) 

(ind-List es 
(mot-list> vec E) 
vecnil 
(step-list+vec E)))) 


This more specific type rules out our two ” Oh nol 
foolish definitions. 


Unfortunately, there are still foolish 
definitions that have this type. 


What is the first foolish definition that es The first foolish definition, in frame 41, 
the new type rules out? always produces 


(cons 0 vecnil). 


What is the other? ” ‘The foolish definition in frame 52 makes 
52 copies of the first entry in the list. 
The new type demands the correct 
length, so it rules out this foolish 
definition. 


What other foolishness is possible? 


Here is a possible, yet foolish, step. "No, the same definition would work. 


Would the definition of list>vec need to Se ee ee , 
be different to use this step? (define list vec 


(replicate E (length E (;: e es)) (step-list+vec E)))) 


[PES GERARD A Ae Oe 1 (Bes) 
| (define step-list vec ' \ (ind-List es ' 
(\ (E ees) ' (mot-list+vec E) 

(\ (list veces) ty vecnil ' 


242 Chapter 10 


prior permission. Violators will be prosecuted. 


Using this foolish definition, what is the The name /ist+veces is dim, so the 
normal form of definition is not actually recursive. 
(list vec Atom 


(1 "bow-of- porridge The normal form is three bowls of 


porridge, 


(:: "banana 
(:: 'nuts nil))))? (vec:: 'bowl-of-porridge 
(vec:: "bowl-of-porridge 
(vec:: 'bowl-of-porridge vecnil))). 
The first is too hot, the second is too * Ts there an even more specific type that 
cold, but the third is just right.t rules out all of the foolish definitions? 


Nevertheless, the definition is 
foolish—'banana and 'nuts make a 
breakfast more nutritious. 


t Thank you, Robert Southey (1774-1843). 


Yes, there is. “And what about appending Vecs? 


Coming right up! But finish your * Can’t wait! 
breakfast first—you need energy for 
what’s next. 


Go have toast with jam and a cup of tea. 


Also, just one bowl of porridge with a banana and nuts. 
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After all that porridge, it’s time for an Yes! Fika. 

afternoon coffee break with Swedish 

treats! 

Here is a list of treats for our fika. * Sounds great! But how can treats be 


combined with drinks? 


(claim treats 
(Vec Atom 3)) 


(claim drinks 


(define treatst (List Atom) 
(vec:: "kanelbullar (define drinks 
(vec:: "plattar (:: 'coffee 


(vec:: "prinsesstarta vecnil)))) (:: ‘cocoa nil))) 


'Kanelbullar are cinnamon rolls, plittar are 
small pancakes topped with berries, and a prins- 
esstarta is a cake with layers of sponge cake, jam, 
and custard under a green marzipan surface. 


That's right—there are some loose ends * Okay. 
from the preceding chapter. One loose 

end is a version of append for Vec, and 

the other is ruling out more foolish 

definitions of list vec. 


If es has ¢ entries and end has / entries, ; Surely they have (+ @ /) entries together. 
then how many entries do they have 
together? 


That’s right. * This looks very much like append’s type. 


(claim vec-append 
( (EU) 
(¢ Nat) 
(j Nat)) 
(— (Vec E €) (Vec E J) 
(Vec E (+ €J))))) 
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How does vec-append’s type differ from This more specific type makes clear how 
append’s type? many entries are in each list. 
Exactly. * An eliminator for Vec. 


To define vec-append, what is missing? 


Actually, it is possible to define Can every operation on Vec that can be 
vec-append in the same style as first, written using ind-Nat also be written 
rest, last, and drop-last, using ind-Nat, using head and tail? 


head, and tail. 


The definition that uses ind-Vec, however, 
expresses its intent more directly. 


No. Is ind-Vec like ind-List? 


In all of the definitions that can be 
written using head and tail, the type 
depends only on the length, which is a 
Nat. Sometimes, though, a type depends 
on a Vec, and then ind-Vec is necessary. 


Yes, ind-Vec is much like ind-List. An “So nis the number of entries in es. 
ind-Vec-expression 
(ind-Vec n es 

mot 
base 
step) 
has two targets: 


Are there any other differences between 
ind-List and ind-Vec? 


1. n, which is a Nat, 


2. and es, which is a (Vec E n). 
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Each part of the ind-Vec-expression must 
account for the number of entries in es. 


mot’s type is 
(M1 ((k Nat) 
(— (Vec E k) 
Uu)) 
because it explains why any target Nat 
and Vec are eliminated. 


1 g : 
Why isn’t # also an argument in the 
N-expression? 


Excellent question. This is because the 
type of entries in a list plays a very 
different role from the number of entries. 


In any individual list, the type of entries 
is the same throughout, but the number 
of entries in the tail of a list is different 
from the number of entries in the list. 


. Why does that matter? 


The entry type FE is determined once, 
and it is the same for the entire 
elimination. But the number of entries 
changes with each of ind-Vec’s steps. 


How is a motive used for the type of a 
step? 


" ‘The type of a step uses the motive in the 
type of the almost-answer and the type 
of the answer. 


This means that the motive is used for 
different numbers of entries. That is why 
the number of entries is an argument to 
the motive. 


These two varieties of arguments to a 
type constructor, that either vary or do 
not vary, have special names. Those that 
do not vary, such as the entry type in 
Vec and List, are called parameters, and 
those that do vary are called indices. 


uM . . . 
So the number of entries in a Vec is an 
index. 
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The Law of ind-Vec 


If nis a Nat, target is a (Vec EF n), motisa 
(1 ((k Nat)) 
(— (Vec E k) 
U)), 
base is a (mot zero vecnil), and step is a 
(N ((k Nat) 
(h BE) 
(t (Vec E k))) 
(> (mot k t) 
(mot (add1 k) (vec:: h t)))) 
then 
(ind-Vec n target 
mot 
base 
step) 
is a (mot n target). 


Yes, it is.7 * “What is base’s type in ind-Vec? 


Whenever a type constructor has an 
index, the index shows up in the motive 
for its eliminator, and therefore also in 
the step. 


TA family of types whose argument is an index 
is sometimes called “an indexed family.” 


base’s type is * Doesn't mot-replicate in frame 10:47 
(mot zero vecnil). receive two arguments as well? 


In ind-Vec, mot receives two arguments, 
rather than one. 
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No, though it does appear to. 


Remember that mot-replicate is Curried. 


Applying mot-replicate to its first 
argument, which is the entry type, 
constructs a one-argument motive to be 
used with ind-Nat. 


step transforms an almost-answer for 


some list t into an answer for (vec:; / t), 


so it isa 
(1M ((k Nat) 
(h E) 
(t (Vec BE k))) 
(— (mot k t) 

(mot (addi k) (vec:: hf t)))). 
Why is mot applied to (add1 k) as its 
first argument in the answer type? 


wv 


What is step’s type? 


The step transforms the almost-answer 
for t into the answer for (vec:: h t), 
which has one more entry than t. 


Why are the head and tail called j and t, 
rather than the usual e and es? 


The name es is already taken to refer to 
the second target. 


Now it is time to use ind-Vec to define 
vec-append. Please start the definition. 


Why is end’s type 
(Vec E (+ €/))? 


19 


20 


Just like append, the base is end. 


| (define vec-append 

| (X(E 2 J) 

| (d (es end) 

1 (ind-Vec ¢ es 

i) 

f mot-vec-append 

\ end 

q step-vec-append)))) 


In the base, es is vecnil. This means that 
the number of entries ¢ in es is zero, and 
(+ zero /) is the same Nat as j. 

1. | (Vec E (+ zero j)) 

2.|(Vec E j) 
end’s type is (Vec E j), which is exactly 
what we need. 
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Now define mot-vec-append. The definition can be found by 


abstracting over the number of entries 
and the list in the base’s type. 


' (claim mot-vec-append 

1 (Nn (EU) 

(k Nat) 

' (J Nat)) 

4 (— (Vec E k) 

A u))) 

| (define mot-vec-append 
1 (4 (Ek j) 

\ (X (es) 

(Vec E (+ k j))))) 


With mot-vec-append in frame 21, " Because the two arguments to the motive 
vec-append would need a \-expression as are the two targets, and es. But the 
its motive. Why? last two arguments to mot-vec-append do 


F ~---~---------------------- not match, so the \-expression swaps k 
i (define vec-append 


(\ (E €j es end) 


and j. 


(ind-Vec ¢ es 
(s (k) 
(mot-vec-append E k j)) 
end 
step-vec-append))) 


The First Commandment of ind-Vec 


The ind-Vec-expression 


(ind-Vec zero vecnil 
mot 
base 
step) 
is the same (mot zero vecnil) as base. 
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The Second Commandment of ind-Vec 


The ind-Vec-expression 
(ind-Vec (addi n) (vec:: e€ es) 
mot 
base 
step) 
is the same (mot (add1 n) (vec:: e es)) as 
(step n e es 
(ind-Vec n es 


mot 
base 
step)). 
Consider this definition of * ‘The d-expression for the motive is no 
mot-vec-append, instead. longer necessary. 
(claim mot-vec-append | (define vec-append ' 
(N (EU) | (N(E ¢/) 
(y Nat) f (X (es end) ' 
(k Nat)) H (ind-Vec £ es ' 
(— (Vec E k) | (mot-vec-append E /) ' 
u))) i end 1 
(define mot-vec-append step-vec-append)))) | 
O(N Eg eee et 
(d (es) 
(Vec E (+ k j))))) 


How does this change vec-append? 


sys . . ua : + r 
When writing a Curried motive, base, or It’s certainly easier to re-order 
step, it pays to carefully consider the mot-vec-append’s arguments than it is to 
order of arguments. write an extra \-expression. 
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Now define step-vec-append. 


What is step-vec-append’s type? 


Keen observation. 


What is the definition? 


All of the pieces of vec-append are ready. 


a This time, / is before k in the arguments. 


(claim step-vec-append 

(Nn (EU) 
Uj Nat) 
(k Nat) 
(e E) 
(es (Vec E k))) 

(—> (mot-vec-append E j 
k es) 
(mot-vec-append E j 
(add1 k) (vec:: e es))))) 


(define step-vec-append 
(\ (E j €-1 ees) 
(X (vec-append,.) 
(vec:: e vec-append,.)))) 


This use of vec:: is justified because 
(+ (addi é-1) j) 
is the same Nat as 
(addi (+ ¢-1j)). 
This relies on the observation on 
page 189. 


” Here is the definition, in a well-earned 


solid box. 


(define vec-append 
(d (E £4) 
(X (es end) 

(ind-Vec £ es 
(mot-vec-append E /) 
end 
(step-vec-append E j))))) 


252 


Chapter 11 


prior permission, Violators will be prosecuted. 


The first loose end has been tied up. * ‘That expression is not described by a 
type because drinks is a (List Atom). 
What is a good name for 


(vec-append Atom 3 2 treats drinks)? But how about fika for this version? 


(claim fika 
(Vec Atom 5)) 


(define fika 


(vec-append Atom 3 2 
treats 
(list+ vec Atom drinks))) 


This fika is foolish if list+vec is foolish. Using this definition, the normal form of 
In frame 10:81, a list>vec is defined that (list-+vec Atom drinks) 
is foolish, but this foolish definition has 


the right type. 
Sats cee ee Soene kSEeinewee (vec:: 'coffee 


' (define step-list vec (vec:: "coffee vecnil)), 
(\ (E e es) 
(X (list+veces) 
(replicate E (length es) e)))) 


is 


but some prefer 'cocoa to "coffee. 


How can we rule out this foolishness? 


(d (E es) 
(ind-List es 
mot-list> vec 
vecnil 
(step-list+vec F)))) 


| (define list+vec 
t 


Thus far, we have used more specific ” What is an example of such a proof? 
types to rule out foolish definitions. 
Another way to rule out foolish 
definitions is to prove that they are not 
foolish. 
tSometimes, using a more specific type is called 


an intrinsic proof. Similarly, using a separate proof 
is called extrinsic. 
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One way to rule out foolish definitions of 
list+vec is to prove that transforming 
the Vec back into a List results in an 
equal List. 


This requires veclist. Here is the 
motive. 


(claim mot-veclist 
(1 ((E U) 
(é Nat)) 
(> (Wec E £) 
u))) 
(define mot-vec-list 
(EO 
(d (es) 
(List E)))) 


What is the step? 


The definition of vec-list is also very 
similar to the definition of list>vec. 


(claim vec list 
(NM ((E U) 
(é Nat)) 
(— (Vec E @) 
(List E)))) 
(define vec—list 
A (E 8 
(d (es) 

(ind-Vec ¢ es 
(mot-vec-list E) 
nil 
(step-vec- list E))))) 


What is the normal form of 
(veclist Atom 3 treats)? 


a 
The step replaces each vec:: with a :: 


constructor, just as step-list+vec replaces 
each :: with a vec:: constructor. 


(claim step-vec- list 
(Nl ((E U) 
(é-1 Nat) 
(e E) 
(es (Vec E £-1))) 
(— (mot-vecslist E 
é-1 es) 
(mot-vec-list E 
(add1 ¢-1) (vec:: e es))))) 
(define step-vec-list 
(\ (E &-1 e es) 
( (vecslistes) 
(2: e@ vecslistes)))) 


* Tt is 


(:: "kanelbullar 
(2: "plattar 
(:: '"prinsesst€rta nil))). 


254 


Chapter 11 


prior permission. Violators will be prosecuted. 


So is it clear how to find the value of an 
ind-Vec-expression? 


38 


Yes, it is just like finding the value of an 
ind-List-expression, except the step is 


applied to both targets. 


How can the statement, 


“For every List, transforming it into a 
Vec and back to a List yields a list that is 
equal to the starting list.” 


be written as a type? 


That is very close, but the second 
argument to vec iist is the number of 
entries in the Vec. 


How many entries does 
(list>vec E es) 
have? 


uM 


The term every implies that there should 


be al. How about this type? 


| (claim list> vec list= 

| (1 (EU) 

\ (es (List E))) 

' (= (List E) 

\ es 

i (vecslist E 

' (list vec E es))))) 


Oh, right, can’t forget the length. 


(claim list vec list= 
(1 ((E U) 
(es (List E))) 
(= (List E) 

es 

(vecslist E 
(length E es) 
(list vec E es))))) 


What is an appropriate target for 
induction? 


The target of induction is es. The 
definition has the usual suspects: a 
motive, a base, and a step. 


(define list vec—list= 
(d (E es) 
(ind-List es 
(mot-list> vec list= E) 
(base-list vec list= E) 
(step-list+vec—list= E)))) 
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What is the base? 


That is the base’s type. 


But what is the base? 


* ‘The base’s type is 


(= (List E) 
nil 
(veclist E 
(length E nil) 
(list>vec E nil))), 
also known as 
(= (List E) nil nil). 


: (same nil), of course. 


Once again, there’s no need to define 


base-list> vec list=. 


Here is the motive’s type. 


(claim mot-list> vec list= 
(1 ((E U)) 
(— (List E) 
u))) 


Define mot-list>veclist=. 


s 
° Abstracting over nil in the base’s type in 
frame 37 leads directly to the definition. 


(define mot-list> vec list= 
(d (E es) 
(= (lst B) 
es 
(vec>list E 
(Jength E es) 
(list-+vec E es))))) 


The only thing left is the step. 


What is an appropriate type for the 
step? 


”  Rollow the Law of ind-List. 


(claim step-list>veclist= 
(N (EU) 
(e E) 
(es (List E))) 
(— (mot-list>veclist= E 
es) 
(mot-list> veclist= E 


(:: e es))))) 
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Here is the beginning of a definition. 


(\ (E ees) H 
(d (list vec list=cs) H 


list vec list=e. 


What can be put in the box to transform 
the almost-proof for es into a proof for 
(:: e es)? 


4a 


The almost-proof, list+vecslist=es, is an 
(= (List E) 
es 
(veclist E 
(length E es) 
(list>vec E es))). 
This is an opportunity to use our old 
friend cong from chapter 8 to eliminate 
list vec list=¢5- 


Remember, cong expresses that every 
function produces equal values from 
equal arguments. 


What is the type of 


(cong (same 'plattar) 
(snoc Atom (:; 'kanelbullar nil)))? 


Prove that 


“consing "plattar onto two equal lists of 
treats produces equal lists of treats.” 
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“4 


Equal in, equal out! 


How would we use cong here? 


snoc does not yet have the new entry to 
be placed at the end of the list. 
Because 


(same 'plattar) 
is an 
(= Atom 'plattar 'plattar), 
and that new entry will be 'plattar, so 
the type is 
(= (List Atom) 
(:: 'kanelbullar 
(:: "plattar nil)) 
(:: "kanelbullar 
(:: 'plattar nil))). 


This proof can be used in the box. 
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First, how can the statement be written 
as a type? 


Proving this statement is easier with this 
definition. 


(claim ::-plattar 
(— (List Atom) 
(List Atom))) 
(define ::-p/attar 
(\ (tasty-treats) 
(:: 'plattar tasty-treats))) 


Use this with cong to prove 
Treat-Statement. 


© “Two equal lists of treats” can be written 


as a [1-expression with two (List Atom) 
arguments and a proof that they are 
equal. 


(claim Treat-Statement 
Uu) 
(define Treat-Statement 
(N ((some-treats (List Atom)) 
(more-treats (List Atom))) 
(— (= (List Atom) 
some-treats 
more-treats) 
(= (List Atom) 
(:: 'plattar some-treats) 
(:: 'plattar more-treats))))) 


“ Here is the definition of treat-proof. 


(claim treat-proof 
Treat-Statement) 
(define treat-proof 
(\ (some-treats more-treats) 
(X (treats=) 
(cong treats= ::-plattar)))) 


Great! 


What can be said about the lengths of 
equal lists? 


‘s Every two equal lists have equal lengths. 
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Now prove that 

“Every two equal treat lists have equal 
lengths.” 
using cong. 


8 ry . . 
length-treats= is similar to treat-proof. 


(claim length-treats= 
(NM ((some-treats (List Atom)) 
(more-treats (List Atom))) 
(— (= (List Atom) 
some-treats 
more-treats) 
(= Nat 
(length Atom some-treats) 
(length Atom more-treats))))) 
(define length-treats= 
(\ (some-treats more-treats) 
(\ (treats=) 
(cong treats= (length Atom))))) 


Returning to the matter at hand, it is 
now possible to fill the box in frame 41 
with a cong-expression. 


The almost-proof, fist+vec-list=.;, is an 
(= (List E) 
es 
(vecslist E 
(length E es) 
(list+vec E es))). 


What is the box’s type in frame 41? 


” The box’s type is 


(= (List E) 
(2 € €s) 
(vecslist E 
(length E (:: e es)) 
(list>vec E (:: e es)))). 


Now it is time for an observation about 
list>vec, similar to the observation 
about + on page 210. 


What is the value of 
1, | (vecslist E 
(length E (:: e es)) 
(list+vec E (:: e es)))? 


50 + 
Let’s see. 


2.) (vecslist E 
(add1 (length E es)) 
(vec:: e (list+vec E es))) 
3.) (Ciee 
(veclist E 
(length E es) 
(list vec E es))) 
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When in Doubt, Evaluate 


Gain insight by finding the values of expressions in types 
and working out examples in “same-as” charts. 


How is this new observation similar to "The preceding observation is that we can 
the observation about +? pull out an 
add1 


from +’s first argument and put the add1 
around the whole expression. 


This new observation is that we can 
similarly pull out a 


from fist+vec’s second argument, putting 
a vec:; around the whole expression. 


When using cong, the same function is i (:: e), right? 
applied to both the FROM and the TO of 
an =-expression. 


What function transforms 
es 

into 
(xe es) 

and 


(vecslist E 
(length E es) 
(list+vec E es)) 


into 
(Be 
(veelist E 
(length E es) 
(list+vec E es)))? 
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That is very close. But the constructor 
of functions is \. Other constructors 
construct different types. 


3 
Here is a function that does the trick. 


(claim ::-fun 
(N ((E U)) 
(> E (List E) 
(List E)))) 
(define .:-fun 
( (E) 
(X (e es) 
(ze es)))) 


Now complete the box in frame 41 to 
define step-list- vec list=. 


It’s time to put the pieces together, using 
the motive, the base, and the step. 
Remember the claim in frame 35 on 

page 255. 


tal os 
Here it is. 


(define step-list vec list= 
(\ (E e es) 
(\ (list> vec list=.s) 
(cong list vecslist=.; 
(::-fun E e))))) 


” Here is another well-built solid box. 


(define list vec list= 
(d (E es) 
(ind-List es 
(mot-list> vec list= E) 
(same nil) 
(step-list+vec-list= E)))) 


This proof rules out the foolish definition 
from frame 29 on page 253. 


Why? 


56 
Because, using the foolish definition, 


(vecslist Atom 
(length Atom drinks) 
(list+vec Atom drinks)), 


is not equal to drinks. 
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Why not? 


Where would the proof go wrong? 


Exactly. This proof has ruled out many 
foolish definitions. 


At some point, it becomes necessary to 
trust that enough specific types have 
been used to avoid the foolishness one 
might be prone to. This requires 
hard-won self-knowledge. 


If vecslist could remove the foolishness 
introduced by list>vec, then it would 
remain undetected. 


Imagine that vec-list and list>vec both 
reversed the order of the list. 


In this imaginary world, the proof would 
work, but both vec—list and list+vec 
would be foolish. 
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Gt 


Because 


(:: "coffee 
(:: ‘coffee nil)) 


is not equal to 


(:: "coffee 
(2: "cocoa nil). 


It would go wrong in frame 54 because 
the new observation in frame 50 would 
no longer be the case. 


Many? 


How could that be? 


Coffee and cake are good for the 
imagination. 


* Tf they also reversed lists, then that 


should have been part of their names! 
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Now, go and enjoy a cozy fika 


with either an even or an odd number of friends. 
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What is an even number? 


It is a number that can be split into two 
equal halves. 


What does it mean for a number to be 
split into two equal halves? 


ve . 3 
How can that definition be written as a 


type? 


A “there is” statement has two important 
parts: the type of the thing that exists, 
and a property that it has. 


Here, the type of thing that exists is Nat, 
and its property is being half of the even 
Nat. These are the respective car and cdr 
of the evidence for a “there is” statement. 


* Tt means that, 


“There is some number that, added to 
itself, yields the original number.” 


According to frame 10:18, a £-expression 
does the trick. 


* What does Even look like? 


The definition of evenness can be written 
as a function that returns a type. 


(claim Even 
(— Nat 
u)) 
(define Even 
(X (n) 
(= ((half Nat)) 
(= Nat n (double half))))) 


What is the value of (Even 10)? 


” ‘The value of 


(Even 10) 
is 
(= ((half Nat)) 
(= Nat 10 (double haif))). 
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What are the values in (Even 10)? * ‘The values look like (cons a d), where 
a 
is a Nat and 
d 
is an 
(= Nat 10 (double a)). 


Find a and d so that ais clearly 5 because 5 is half of 10. 
(cons a d) And 

is an (same 10) 
(Even 10). is an 


(= Nat 10 (double 5)). 


This is what is needed to prove that 10 is * The proof is 


even. (cons 5 


10)). 
What is the proof? pare 25) 


That's right. What about 0? Half of 0 is 0. 


(claim zero-is-even 
(Even 0)) 
(define zero-is-even 
(cons 0 
(same 0))) 


What is another way that Even could Wouldn’t + do the trick? 


have been defined? pnw nnn 2 - === === == -- 
have been denne (define Even 


( (n) 
(X ((half Nat)) 
(= Nat 1 (+ half half))))) 
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That would certainly work, because "As seen in the proof of twice=double in 


“For all n, (twice n) equals (double n).” ‘frame 9:52. 


Although two functions always return 
the same answer, sometimes oue of them 
is easier to use because it more quickly 
becomes a value. In particular, + and 
thus twice leave an add1 on the second 
argument, while double puts both addl1s 
at the top immediately. 


How can the statement, * Good question. 


“Two greater than every even number 
is even.” 


be written as a type? 


Tt can be useful to use more descriptive . “Every” sounds like N. 
prose when translating a statement into . 
a type. (claim +two-even 

(1 ((n Nat)) 
Here’s another way to say the same (+ (Even n) 
thing: (Even (+ 2 n))))) 


“For every natural number n, if 7 is 
even, then 2+ 7 is even.” 


Now prove it. Clearly, the proof uses ind-Nat because 
the type depends on a Nat. 


Tt can actually be done without 
induction. 


(define +two-even ' 
1 ( (nn) 


But first, how much of the definition can 
be written now? 


...but what goes here? })) 
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Good question. . (+ 2 10) is the same Nat as 12, and half 
of 12 is 6. 

If 5 is half of 10, then what is half of 

(+2 10)? 

If 6 is half of 12, then what is half of " (+ 2 12) is the same Nat as 14, and half 

(+2 12)? of 14 is 7. 
There is a repeating pattern here. 

Yes, there is a repeating pattern. This * Tt is (add1 a). 


pattern can be used to fill the box. 
But where is that ain the empty box? 
If a is half of n, then what is half of 


(+2 n)? 


It is (car e,) because e, is an (Even n). Right, because car and cdr work with 


expressions described by ©. 
This means 


(car en) 
is half of n, and 
(cdr e,) 
proves this. 


If pisa ” ‘That follows directly from the 
(= ((x A)) description in frame 10:6 on page 220. 


then (car p) is an A, and (cdr p)’s type is 
found by consistently replacing each x in 
D with (car p). 
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It’s possible to go a bit further with the ‘ 


definition of +two-even now. 


” ‘The body of the )-expression has cons at 


the top because it must be an 
(Even (+ 2 n)). 


(define +two-even 
(d (1 €n) 
(cons (add1 (car e,)) 


And the car is (add1 (car e,)) because 
(car é,) is half of a. 


So far, so good. 


What is (cdr e,)’s type? 


There is an equality proof available, and 
it is almost correct ... 


This is where the choice of double over + 


shows its value, just as it did when 
defining double-Vec in frame 9:59. 
(double (add1 (car e€,))) 
is the same Nat as 
(add1 
(add1 
(double (car e,)))). 


~ (cdr e,) is an 


(= Nat 
n 
(double (car e,))). 


2 
How can an 


(= Nat 
n 
(double (car €,))) 
be transformed into an 
(= Nat 
(+ 2 n) 
(double (add1 (car e,))))? 


And if the cdr’s type had been claimed 
with + or twice, then this Nat would 
have been 
(add1 
(+ (car ep) 
(add1 (car e,)))), 
and more work would have been required 
to bring both add1s to the top. 
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Carefully Choose Definitions 


Carefully-chosen definitions can greatly sim- 


plify later proofs. 


In frame 21’s empty box, 
(cdr e,) 
is an 
(= Nat 
n 
(double (car e,))). 


Find an expression that is an 
(= Nat 
(+ 2 n) 
(add1 
(add1 
(double (car e,))))). 


That is precisely what is needed to 
complete the proof. 


” The expression 
(cong (cdr e,) (+ 2)) 
has that type because 
(+ 2 n) 
is the same Nat as 
(add1 
(addi n)). 


* Thanks for the hints. 


(define +two-even 
( (n en) 
(cons (add1 (car e,)) 
(cong (cdr e,,) (+ 2))))) 


Is two even? 


Yes, it is. 
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Prove it, using +two-even. 


To use +two-even, we need evidence that 
0 is even. This evidence is in frame 26. 


(claim two-is-even 
(Even 2)) 


(define two-is-even 
(+two-even 0 zero-is-even)) 


Here is the value of two-is-even. 
1. | two-is-even 
2. | (4+two-even 0 zero-is-even) 
3.| (cons (add (car zero-is-even) ) 
(cong (cdr zero-is-even) (+ 2))) 


Now find the normal form. 


30 


What is an odd number? 


Is there a more explicit way to say that? 


The normal form takes just a few more 
steps. 


4.] (cons (add1 zero) 
(cong (same zero) (+ 2))) 
(cons 1 
(same (+ 2 zero))) 
6.] (cons 1 
(same 2)) 


on 


An odd number is not even. 


‘ Odd numbers cannot be split into two 


equal parts. There is always an add1 
remaining. 


. . . 32 
How can that description be written as a 


type? 


Hint: use the definition of Even as a 
guide. 


Even Numbers Can Be Odd 


Isn’t this an odd definition? 


(claim Odd 
(— Nat 
Uu)) 
(define Odd 
(d (n) 
(X ((haf Nat)) 
(= Nat n (add1 (double haf)))))) 
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No, but it is an Odd definition. 


What does haf mean? 


Here is a claim that 1 is odd. 


(claim one-is-odd 
(Odd 1)) 


Prove it. 


Now prove that, 
“13 is odd.” 


If n is even, what can be said about 
(add1 n)? 


Yes. 


How can that be written as a type? 


33 


a 


It is pretty close to half. It is half of the 
even number that is one smaller than n. 


Here is the proof: 


(define one-is-odd 
(cons 0 
(same 1))). 


Here, the cdr is 
(same 1) 
because 
(same 1) 
is an 
(= Nat 1 (add1 (double 0))). 


“Haf” of a baker’s dozen is 6. 


(claim thirteen-is-odd 
(Odd 13)) 
(define thirteen-is-odd 
(cons 6 
(same 13))) 


Would this statement do the trick? 
“If nis even, then (add1 n) is odd.” 


It uses a M-expression and an 
—-expression, because the n means “for 
every n,” and if-then statements are 
translated to —>-expressions. 
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Now translate the statement. 


Is that claim true? 


30 


Here it is. 


(claim add1-even+odd 
(N ((n Nat)) 
(— (Even n) 
(Odd (addi n))))) 


Yes. 


What is the evidence? Remember, truth 
is the same as having evidence, yet no 
evidence has been provided. 


So the statement is false’? 


No. 


There is neither evidence that the 
statement is true, nor evidence that the 
statement is false. For now, it is a 
mystery. 


Better solve that mystery then. 


To solve the mystery, think about the 
relationship between half of n and “haf” 
of (add1 n) when n is even. 


Why are they the same Nat? 


a2 


8 


They are the same Nat. 


Because the extra add1 is “used up” in 
the TO side of the equality in the 
definition of Odd. 


Now use this important fact to prove the 
mystery statement and make it true. 


Et voila! 


(define add1-even+odd 
(4 (7 en) 
(cons (car e,) 
(cong (cdr e,) (+ 1))))) 
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Definitions should be written to be ” In the body of the \-expression, there is 
understood. a cons-expression. This expression is the 
es ~ proof of (Odd (add1 n)) because the 
Why is this definition correct? value of (Odd (add1 n)) has © at the top. 

What about the car of the proof? ” The car is (car e,) because “haf” of an 


odd number is half of the even number 
that is one smaller. 


And what about the cdr of the proof? The cdr is built with cong, because 
(cdr e,) 
is an 
(= Nat 
n 
(double (car €,))), 
but the definition of (Odd (add1 n)) 
demands that the cdr be an 
(= Nat 
(add n) 
(add1 (double (car e,)))). 


The statement is now true. Take a bow. ~ Clearly, 


“If n is odd, tk ddi n) is ite 
If n is odd, what can be said about eile hana hei 


(add1 n)? 


That's quite the claim ... ” Indeed. 


(claim add1-odd+even 
(N ((n Nat)) 
(— (Odd n) 
(Even (addi n))))) 
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Now it’s time to make that claim true. 


What is “haf” of 25? 


” Tt is 12 because 


(add1 (double 12)) 
is the same Nat as 25. 


What is half of 26? 


Tt is 13 because 
(double 13) 
is the same Nat as 26. 


Following this template, what is the 
relationship between “haf” of some odd 
number n and half of (add1 n)? 


” If ais “haf” of the odd number n, then 


half of the even (add1 n) is (addi a). 


Now start the definition, using this “haf.” = 


Here it is. 


(define add1-odd+even 
(\ (11 On) 
(cons (add1 (car o,)) 


past atari erga 


The box needs an 
(= Nat 
(add1 n) 
(double (add1 (car o,)))). 


Where did that type come from? 


It came from the definition of Even 
combined with the Commandment of 
cdr. 
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What type does (cdr on) have? ” Tn the box, 
(cdr 0,) 
is an 
(= Nat 


n 
(add1 (double (car 0,)))). 


How can (cdr 0,) be used to construct cong does the trick, because 
evidence that (double (add1 (car 0,))) 
(= Nat is the same Nat as 
(add1 n) (add1 


(double (addi (car o,))))? (add1 


(double (car o,)))). 


(define add1-odd-even 
(X (1 On) 
(cons (add1 (car op)) 
(cong (cdr on) (+ 1))))) 


That definition deserves a solid box. ” Whew! It’s time for another fika. 


Go eat a haf a baker’s dozen muffins 
and get ready to divide by two. 
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Behold! Ackermann! 


(claim repeat 
(—> (> Nat 
Nat) 
Nat 
Nat)) 
(define repeat 
(\ (fn) 
(iter-Nat n 
(f 1) 
(\ (iterfn-1) 
(f iterfn-1))))) 


(claim ackermann 
(— Nat Nat 
Nat)) 
(define ackermann 
( (n) 
(iter-Nat n 
(+ 1) 
(\ (ackermann,-7) 
(repeat ackermani.1))))) 
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Is every natural number either even or 
odd? 


They might be. 


But where’s the evidence? 


Writing 


“Every natural number is either even 
or odd.” 


as a type requires a new type 
constructor: Either, which is used to 
write “or” as a type. 


(Either L &) is a type if L is a type and 
R is a type. 


That seems reasonable. 


When does Either construct a type? 


* What are the values of (Either L R)? 


The Law 


(Either L R) is a type if L is a type and R is a type. 


of Either 


There are two constructors. If [tis an L, 
then (left /é) is an (Either L R). If rt is 
an R, then (right rt) is an (Either L R). 


When are two (Either L R) values the 
same? 


4 ‘ n 
Here's a guess based on earlier types. 


(left 7t;) and (left It2) are the same 
(Either LZ R) if lt; and Utz are the same L. 


So far, so good. Anything to add? 


Yes, one more thing. (right ré;) and 
(right rtz) are the same (Either L R) if 
rt; and rtz are the same R. 
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The Law of left 
(left It) is an (Either L R) if tis an L. 


The Law of right 


(right rt) is an (Either L R) if rt is an R. 


Any other possibilities? Probably not. 


That is indeed all of the possibilities. * That's not a surprise. 


The eliminator for Either is called 


ind-Either. 
ind-Either has two bases, but no step. * Tt is because there are two ways to 
construct an (Either Z R), but neither 
Why is that? left nor right has an (Either ZR) as an 
argument. 
So can ind-Either introduce recursion? "No, because neither left nor right, Either’s 
two constructors, are recursive. 
In an ind-Either-expression " Does mot explain why target is being 
(ind-Either target eliminated? 
mot 
base-left 
base-right), 


target is an (Either L R). 
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As usual, it does. mot’s type is "Is base-right’s type built the same way? 
(— (Either L R) 
U). 


base-left explains how the motive is 
fulfilled for every left. That is, base-left's 
type is 


(1 ((x £)) 
(mot (left x))). 


Yes, it is. base-right explains how the : base-right’s type is 
motive is fulfilled for every right. (1 ((y R)) 
(mot (right y))) 
because “every” becomes a M-expression 
when written as a type. 


What is base-right’s type? 


What is the value of " Tt is the value of (base-left x), which is 
(ind-Either (left 7) the only available expression with the 
mot correct type. 
base-left 


base-right)? 


What is the value of It is the value of (base-right y), for the 
(ind-Either (right y) same reason. 
mot 
base-left 


base-right)? 
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The Law of ind-Either 


If target is an (Either L R), mot is an 
(— (Either L R) 
U), 
base-left is a 
(N ((x £)) 
(mot (left x))), 
and base-right is a 


(n ((y R)) 
(mot (right y))) 
then 
(ind-Either target 
mot 
base-left 
base-right) 
is a (mot target). 


The First Commandment of ind-Either 


(ind-Either (left z) 
mot 
base-left 
base-right) 


is the same (mot (left z)) as (base-left x). 
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(ind-Either (right y) 
mot 
base-left 
base-right) 


The Second Commandment of ind-Either 


is the same (mot (right y)) as (base-right y). 


Now we know how to write, 
“Every natural number is even or odd.” 


as a type. 


(claim even-or-odd 
(M1 ((n Nat)) 
(Either (Even n) (Odd n)))) 


” This is a claim about all Nats. Does the 
proof use ind-Nat? 


Yes, it does. 


mot-even-or-odd describes the purpose of 
the elimination. Try to define it without 
finding the base first. 


(claim mot-even-or-odd 
(> Nat 
u)) 


Good choice. 


What is the base? 


y Abstracting over n in frame 15 does it. 


(define mot-even-or-odd 
(X (k) 
(Either (Even k) (Odd k)))) 


‘The base is an 
(Either (Even zero) (Odd zero)) 


and zero happens to be even. 
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Sound familiar? P Yes, it does. 


The base is 


(left zero-is-even). 


It is. The type of the step is found using the 


motive. 


What is the type of the step? - 
(claim step-even-or-odd 


(N ((n-l Nat)) 
(— (mot-even-or-odd n-l) 
(mot-even-or-odd (add1 n-1))))) 


Now define step-even-or-odd. " Here's a start ... 


\(define step-even-or-odd = 
1 ( (nl) 

1 Ox (€-0F-0n1) 
d . but what goes here? ») 


What is e-or-0,1’s type? ‘The type comes from the step’s claim. 
1, | (mot-even-or-odd n-1) 
2.| (Either (Even n-1) (Odd n-i)) 


What is the climinator for Either? : ind-Either, of course. 
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23 
So eliminate it. 


Good start. 


What is the motive? 


Here's a version with empty boxes in it, 
at least. 


\ (define step-even-or-odd 
(x (41) 
(X (€-0F-On.1) 
(ind-Either e-or-0, 


According to step-even-or-odd’s claim, 
the elimination produces a 


(mot-even-or-odd (add1 n-l)). 


Instead of defining a separate motive, try 
writing a \-expression this time. The 
argument to the motive is the target, but 
this elimination is not producing a type 
that depends on the target. So the 
motive’s argument can be dim. 


That’s a lot shorter than defining it 
separately. 


H (define step-even-or-odd 

1 ( (1) 

| (d (€-0r-0n.1) 

i (ind-Either e-or-0n. 

' (X (e-0r-0) 

(mot-even-or-odd (add1 n-l))) 
1 


Yes, it is shorter. But shorter is not 
always easier to read. Compare the two 
styles and decide which is easier to 
understand in each case. 


When n-l is even, what is the evidence 
that (add1 n-l) is odd? 


* ‘The evidence can be constructed with 


add1-even-odd. 
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The first empty box in frame 25 is an 
(— (Even n-1) 
(Either 
(Even (addi n-1)) 
(Odd (add1 n-t)))). 


The Law of ind-Either states that the 
base for left is a 
(Tl ((x L)) 
(mot (left x))), 
so why doesn’t the empty box’s type 
have Nl at the top? 


The type has lN at the top. Because > 
is another way of writing [ when its 
argument name is not used, — is 
sufficient, as seen in frame 6:40. 


That’s right. 


What about the last box? 


Now assemble the definition of 
step-even-or-odd. 


30 


Because (add1 n-1) is odd, the expression 
uses right: 
(\ (€n2) 
(right 
(add1-even+odd n-l e,1))). 


Tn that box, nl is odd. Thus, (add1 n-1) 
is even and the expression uses left: 
(d (On1) 
(left 
(add1-odd-+even n-1 0,))). 


The boxes are filled in. 


(define step-even-or-odd 
(X (n-1) 
(\ (-0r-On21) 
(ind-Either e-or-o, 
(\ (e-0r-0,.2) 
(mot-even-or-odd 
(addi n-1))) 
(» (€n2) 
(right 
(add1-even+odd 
n-l €n1))) 
(s (On) 
(left 
(add1-odd+even 


nl ©ni))))))) 
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Now, define even-or-odd. 


” ‘The pieces are ready. 


(define even-or-odd 
(X (n) 
(ind-Nat n 
mot-even-or-odd 
(left zero-is-even) 
step-even-or-odd)) ) 


even-or-odd is a proof that 


“Every natural number is even or odd.” 


But it is more than just a proof—it is a 
d-expression that produces a value when 


it gets an argument. 


Let’s find out. 


What is the value of (even-or-odd 2)? 


> ft always produces a value because all 
functions are total. 


Is this value interesting? 


33 ‘ ' , 
That’s an interesting question. 


Get ready for a long “same-as” chart. 
Here’s the beginning. 
1. | (even-or-odd 2) 
2.) ((d (n) 
(ind-Nat n 
mot-even-or-odd 
(left zero-is-even) 
step-even-or-odd) ) 
2) 
3.| (ind-Nat 2...) 
4.| (step-even-or-odd 
1 
(ind-Nat 1 ...)) 
In this chart, ..., an ellipsis, stands for 


the arguments to ind-Nat or ind-Either 
that don’t change at all. 


“ Here's the next one. 
5. | ((X (n-L) 
(X (€-07-On1) 
(ind-Either e-or-o,.4 
(AX (e-0r-02) 
(mot-even-or-odd 
(add1 n-1))) 
(r (€n2) 
(right 
(add1-even- odd 
n-l €n2))) 
(% (Ona) 
(left 
(add1-odd+even 


nl 0n1)))))) 
1 (ind-Nat 1 ...)) 
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At each step, look for the parts of 
expressions that change and those that 
don’t. 


Try to identify motives, bases, and steps 
that appear multiple times. 


* What about targets? 


Targets are rarely repeated, but worth 
watching. 
oe (A (€-0r-0n.1) 
(ind-Either e-or-o,1 
( (€-0F-0p.1) 
(mot-even-or-odd 2)) 
(X (€n1) 
(right 
(add1-even+odd 1 e,.;))) 
(% (On2) 
(left 
(add1-odd-even 1 0,:))))) 
(ind-Nat 1 ...)) 
(ind-Either (ind-Nat 1...) 
(X (€-0r-0p.2) 
(mot-even-or-odd 2)) 
( (€n2) 
(right 
(add1-even>odd 1 €,))) 
(\ (On1) 
(left 
(add1-odd-even 1 0,.:)))) 


_ 


Ah, because as soon as a target’s value is 


found, a base or step is chosen. 
8.| (ind-Either 
(step-even-or-odd 
0 
(ind-Nat 0 ...)) 
(A (€-0r-09.1) 
(mot-even-or-odd 2)) 
(A (€n.) 
(right 
(add1-even odd 1 e,;))) 
(A (na) 
(left 
(add1-odd-+even 1 0,.;)))) 
(ind-Either 
(0 (n-1) 
(X (€-0Fr-0n.1) 
(ind-Either e-or-o,; ..-))) 
0 (ind-Nat 0 ...)) 
(A (€-09-0p1) 
(mot-even-or-odd 2)) 
(X (€n2) 
(right 
(add1-even— odd 1 e,.:))) 
(X (072) 
(left 
(add1-odd-+even 1 0n1)))) 


tad 
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10. | (ind-Either 11. (ind-Either 
((\ (€-0r-0n2) ((X (€n1) 
(ind-Either e-or-o,, (right 
(X (e-09-0,.1) (add1-even- odd 0 e,.:))) 
(mot-even-or-odd 1)) zero-is-even) 
0X (€n2) (A (€-0r-0p.2) 
(right (mot-even-or-odd 2)) 
(add1-evenodd 0 e,.1))) (X (€n2) 
(% (On) (right 
(left (add1-evenodd 1 e,,.;))) 
(add1-odd-even 0 0,.;))))) (X (On) 
(ind-Nat 0 ...)) (left 
(\ (@0r-02) (add1-odd-even 1 0,.1)))) 
(mot-even-or-odd 2)) 12.| (ind-Either 
( (€n1) (right 
(right (add1-even- odd 0 zero-is-even)) 
(add1-even-odd 1 e,.1))) (A (€-01-0)2) 
(X (On) (mot-even-or-odd 2)) 
(left ( (€n2) 
(add1-odd+even 1 0,;)))) (right 
(add1-even— odd 1 e,))) 
(X (On1) 
(left 
(add1-odd-even 1 0,1)))) 
38 
13. | ((X (On2) 14.| (left 
(left (add1-odd- even 
(add1-odd-even 1 01))) 1 
(add1-even- odd 0 zero-is-even)) (add1-even odd 
0 
zero-is-even))) 
The last expression in the chart is a 
value, 
Whew! 


Even Haf a Baker's Dozen 289 


prior permission. Violators will be prosecuted. 


Indeed, 


(left 
(add1-oddeven 
1 


(add1-even>odd 
0 
zZero-is-even))) 


is a value. 


What can we learn from this value? 


In this case, there is still more to be 
learned. 


Find the normal form of 
(left 
(add1-odd- even 
1 
(add1-even>odd 
0 
zero-is-even))). 


That’s right. 
15.) (left 
((¥ (17 On) 
(cons (add1 (car 0,)) 
(cong (cdr 0,) (+ 1)))) 


(add1-even— odd 
0 
zero-is-even) ) ) 


What is next? 


39 
From this value, it is clear that 2 is even, 


because the value has left at the top. 


” ‘The first step in finding the normal form 
is to replace add1-odd-even with its 
definition. 


“The next step is to replace n with 1 and 
add1-even+odd with its definition. 
16.| (left 
((X (On) 
(cons (add1 (car o,)) 
(cong (cdr o,) (+ 1)))) 
(QA (n en) 
(cons (car én) 


(cong (cdr e,) (+ 1)))) 
0 
zero-is-even) )) 
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The next step is to drop in the definition ‘ 


of zero-is-even. 
17.| (left 
((X (On) 


(cons (add1 (car o,)) 
(cong (cdr o,) (+ 1)))) 
((% (n) 
(cons (car e,) 
(cong (cdr e,) (+ 1)))) 
zero-is-even) )) 
18.| (left 
((X (On) 
(cons (add1 (car o,)) 
(cong (cdr o,) (+ 1)))) 
(O (én) 
(cons (car €,) 
(cong (cdr en) (+ 1)))) 
(cons 0 (same 0))))) 


What’s next? 


Next, find the car and cdr of e,. 


19.| (left 
(( (On) 
(cons (add1 (car on)) 
(cong (cdr o,) (+ 1)))) 
(cons 0 
(cong (same 0) (+ 1))))) 
It looks like the next step is to find the 
value of 
(cong (same 0) (+ 1)), 
and by the Commandment of cong, that 
value is 


(same 1). 


Here’s the next step. 
20. | (left 
(( (On) 
(cons (add1 (car 0,)) 
(cong (cdr 0,) (+ 1)))) 
(cons 0 
(same 1)))) 
What remains? 


3 
There is one more cong-expression that 


can be made more direct. 


ai.| (left 
(cons 1 
(cong (same 1) (+ 1)))) 
2.| (left 
(cons 1 
(same 2))) 


What can be learned from this normal 
form? 


H . 
From the value, we see that 2 is even. 


The normal form also has the proof that 
2 is even tucked under left. 


Each step in the “same as” chart is the 
same as the previous step, so the value 
also contains the proof. 


Normal forms, however, are often easier 


to understand, and this one is no 
exception. 
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What can be learned from such a proof? 


* Not only that 2 is even, but also that 1 is 


half of 2. 


Definitions like even-or-odd play two 
roles. In the first role, even-or-odd is a 
proof that every Nat is either even or 


odd. 


In the second role, even-or-odd is a 
function that can determine whether a 
Nat is even or odd. To do so, it finds 
either half or “haf” of the Nat. 


What is the other role? 


even-or-odd is interesting both as 
evidence for a statement and for the 
results that it finds. 


Exactly. Now, it’s time to go for a nice 
relaxing walk in the woods. 


49 


Sounds good. 
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Every number is even or odd, 


and some are smaller than others. 


Get ready. 
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Please select a dish from this menu: 
e ratatouille, 
e kartoffelmad, 


hero sandwich, or 


© prinsesstarta. 


The fourteenth, please. 


There are only four dishes on the menu, 
so you don’t get anything. 


That’s unfortunate. 


In order to pick a specific entry from a 
list, we must know what to do when 
there are not enough entries. 


One might say that there may be an 
entry, but there also may not be. 


To represent the case when there is no 


entry, we need a new type, called Trivial.t 


tSometimes called the unit type. 


* What is Trivial? 


Trivial is a type, and sole is a Trivial. 


Every Trivial expression is the same 
Trivial as sole. 


What about neutral Trivial expressions? 


Yes, neutral Trivial expressions are the 
same as sole. And that’s all there is to 
say about Trivial. 


This type is appropriately named. 
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The Law of Trivial 


Trivial is a type. 


The Law of sole 


sole is a Trivial. 


The Commandment of sole 


If ¢ is a Trivial, then ¢ is the same as sole. 


That an entry may or may not be in a "How can Maybe represent presence or 
list can be represented using Maybe. absence? 


(claim Maybe 
(3 u 
u)) 


There is either an X or a Trivial. . Okay. 
(define Maybe 
(A (X) 
(Either X Trivial))) 
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Absence is indicated using (right sole). 


(claim nothing 
(1 ((E U)) 
(Maybe E))) 
(define nothing 
0s (E) 
(right sole))) 


Indeed it does. Here is the claim. 


(claim just 
( ((E U)) 
(OE 
(Maybe E)))) 


’ 
Presumably, presence uses left. 


Tn order to use left, an E is necessary. 


(define just 
(\ (E e) 
(left e))) 


Using Maybe, it is possible to write a 
total version of head for List. 


(claim maybe-head 
(Ml ((E U)) 
(> (List E) 
(Maybe E)))) 


What should we expect from 
(maybe-head Atom nil)? 


Following the type, the definition begins 
with X. 


| (define maybe-head 
(s (E es) 


It should be (nothing Atom) because the 
empty list has no head. 


What should we expect from 
(maybe-head Atom 


“ (sandwich 'hero) 
(:: "prinsesstarta nil)))))? 


It should be (just Atom 'ratatouille). 
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This is enough information to find the * Plenty of information. 
base and step for rec-List in the empty 
box. 


(define maybe-head 
(d (E es) 
(rec-List es 
(nothing E) 
(A (hd tl head,)) 
(just E hd))))) 


What type should maybe-tail have? ” Tt is similar to maybe-head, except: that 
it (maybe) finds a list. 


(claim maybe-tail 
(n ((EU)) 
(— (List E) 
(Maybe (List E))))) 


The definition of maybe-tail is also very 


similar to the definition of maybe-head. (define maybe-tail 
Only the type in the base and the step’s OE es) 
type and value need to change. (rec-List es 


(nothing (List E)) 
(\ (Ad tl tail) 
(just (List E) t/))))) 


maybe-head and maybe-tail can be used " What is list-ref’s type? 
to define list-ref, which either finds or 
does not find a specific entry in a list. 
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list-ref accepts an entry type, a Nat, and “We should expect nothing, because nil 


a list. It may or may not find an entry. has no entries. 
(claim list-ref Or, rather, we should expect 
(1 ((E U)) 


(> Nat (List E) (nothing Atom). 


(Maybe E)))) 


What should we expect from 
(list-ref Atom 0 nil)? 


What about ” That's just "ratatouille, or rather, 
(list-ref Atom (just Atom 'ratatouille). 
zero 


(:: ratatouille 
: 'kartoffelmad 
(:: (sandwich hero) 
(:: 'prinsesstarta nil)))))? 


In other words, when the Nat is zero, ” That's why maybe-head is the base. 
list-ref acts just like maybe-head. 

seinen serie ne eis rerio What is the step? 

: (define list-ref 


1 (\ (En) ' 
| (rec-Nat n ' 
1 (maybe-head E) 
») 
oi ESS ee sn Oe ae 4 
The base is an * Tt should work for any entry type E. 
(+ (Uist) claim step-li 
p-list-ref 
Siege D met) 
What is the step’s type? (> Nat 
(— (List E) 
(Maybe E)) 
(— (List E) 


(Maybe E))))) 
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The step takes as its argument a list-ref 
for some smaller Nat, which is almost a 
list-ref for this Nat. 


How can a list-ref for n-l be transformed 
into a list-ref for n? 


Complete this definition. 


| (define step-list-ref 
(\ (E) 
(\ (nl list-ref 1) 
(X (es) 


Now define list-ref. 


' 
' 
' 
' 
' 
' 
' 
1 
1 
] 
' 


* The fist-ref for n-l can be applied to the 


tail of the list. 


3 list-ref ,1 can be used when maybe-tail of 
es finds a (List E). When maybe-tail 
finds nothing, the step finds nothing. 


(define step-list-ref 
(d (E) 
(\ (n-l list-ref 1) 
(A (es) 
(ind-Either (maybe-tail E es) 

(X (maybe,)) 
(Maybe E)) 

(A (th) 
(list-ref ,.3 t!)) 

(\ (empty) 
(nothing E))))))) 


Here it is. 


(define list-ref 
(\ (E n) 
(rec-Nat n 
(maybe-head E) 
(step-list-ref E)))) 


Take a short break, and maybe eat 
some delicious ratatouille. 
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Please select a dish from this menu: 
1. ratatouille, 
2. kartoffelmad, 
3. hero sandwich, or 


4. prinsesstarta. 


What does “fourteenth” mean? 


What is the difference between a Vec and 
a List? 


” ‘The fourteenth, please. 


7 Ah, there are precisely four entries. 


a 
In a Vec, the type states how many 
entries there are. This second menu must 
be a Vec. 


That's right. 


(claim menu 
(Vec Atom 4)) 
(define menu 
(vec:: ‘ratatouille 
(vec:: 'kartoffelmad 
(vec:; (sandwich hero) 
(vec:: 'prinsesstarta vecnil))))) 


3 ea . 
That’s one 'delicious hero sandwich. 


To define vec-ref, a new type is needed: 
one that represents only numbers smaller 
than the length of the Vec. 


This type is called (Fin ¢), where ¢ is the 
length. 


Fin is a very finite way of writing “finite.” 


” “Why is it called Fin? 


380 
Another abbreviation. 
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au 
How many natural numbers are smaller There are no such numbers. 
than zero? 


This requires a new type constructor, *“ ‘That’s an absurd name. 
named Absurd.t 


tAbsurd is sometimes referred to as the empty 
type. 


When is Absurd a type? 


Absurd is always a type, just like Atom, * ‘That's easy enough. 
Nat, U, and Trivial are always types. 
What are the values of Absurd? 


The Law of Absurd 


Absurd is a type. 


There are none, but all of them are the “Tf there are no values of Absurd, how can 
same. they be the same? 


In fact, every expression that is an * But there are no Absurd values. 
Absurd is the same as every other 
expression that is an Absurd. 


If there are no values, then there is no ” Tf there are no Absurd values, then how 
way to tell any of them apart. can there be expressions of type Absurd? 
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Neutral expressions can have type 
Absurd. 


What is the type of x in the body of 
similarly-absurd’s definition? 


(claim similarly-absurd 
(— Absurd 
Absurd)) 

(define similarly-absurd 


(» (x) 


x)) 


wv, 
x is an Absurd. 


The Commandment of Absurdities 


Every expression of type Absurd is neutral, and all of them 


are the same. 


Even though there is no way to construct 
an Absurd value, there is an eliminator 
for Absurd. 


One way to view an eliminator is as a 
means of exposing the information inside 
a constructor. Another way to view it is 
as a way of picking some new expression 
for each of a type’s values. 


By picking a new expression for each 
value, the eliminator expression itself has 
a type given by the motive. 


To use the eliminator for Absurd, provide 
a new expression for each Absurd value. 


" length picks a new Nat for each List, and 
peas picks a (Vec Atom £) for each Nat ¢. 


39 
There are no Absurd values. 
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Precisely. ” “How can that be? 


The eliminator for Absurd, called 
ind-Absurd, has neither bases nor steps 
because there are no Absurd values. 


There is only a target and a motive. 7 Why isn’t mot a function? 


The expression 
(ind-Absurd target 
mot) 
is a mot when target is an Absurd and 
and when mot is a U. 


There are no Absurd values to provide as =e target can never be a value, what use 
targets to the motive. is ind-Absurd? 


Other eliminators’ motives take 
arguments so that the type of the 
eliminator expression can mention the 
target. This is not necessary because 
there never will be a target. 


The Law of ind-Absurd 


The expression 


(ind-Absurd target 
mot) 


is a mot if target is an Absurd and mot is a U. 


P ry , 
It is used to express that some And neutral expressions cannot yet be 
expressions can never be evaluated, or in evaluated because the values of their 
other words, that the expression is variables are not yet known. 


permanently neutral. 
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For each Nat n, (Fin n) should be a type (Fin zero) should have zero values, so 
with n values. Absurd is appropriate. 


(claim Fin 
(— Nat 
u)) 


What should the value of (Fin zero) be? 


Here is the beginning of Fin’s definition. ” ‘The step for Fin, which goes in the 
!o-5---=----------------------- empty box, should transform a type with 
(define Fin n-1 values into a type with n values. 


(» (n) 


i 
1 
i 
1 
(iter-Nat n } 
i 
i 
i 
' 


What goes in the empty box? 


How many values have the type There is just one, 
(Maybe Absurd)? (nothing Absurd), 
which has the normal form 
(right sole). 
What about Either’s constructor left? ” That would require an Absurd value, and 


there are no Absurd values. 


How many values have the type There are two possibilities: 
(Maybe (nothing (Maybe Absurd)), 
Wd 
(Maybe Absurd) )? aia 
(just (Maybe Absurd) 
(nothing Absurd)). 
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Based on these examples, if a type X has ” Tt has (add1 n) values because Maybe 
n values, how many values does adds one value, which is (nothing X). 
(Maybe X) 


This means that Maybe is a suitable step 
have? 


for Fin. 


Indeed it is. Here is the definition. 


(define Fin 
(X (n) 
(iter-Nat n 
Absurd 
Maybe))) 


What is the normal form of (Fin 1)? 1. | (Fin 1) 


2. | (Maybe Absurd) 
3. | (Either Absurd Trivial) 
This type has 1 value. 


What is the normal form of (Fin 2)? It is 
(Maybe 
(Maybe Absurd)), 
better known as 
(Either (Either Absurd 
Trivial) 
Trivial) , 
which has 2 values. 
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To use Fin to pick out entries in a Vec, it 
is necessary to determine which Fin 
points at which entry. 


The first entry in a Vec is found using 
(fzero n) when the Vec has (add1 nm) 
entries. 


(claim fzero 
(1 ((n Nat)) 
(Fin (add1 1)))) 


This is because there are no entries when 
the length is zero. 


Take another look at the definition of Fin 


in frame 50. What is another way of 
writing fzero’s type? 


In that type, what are (Fin n)’s values? 


iter-Nat applies the step when the target 
has add1 at the top, so fzero’s type and 
(Nl ((n Nat)) 
(Maybe (Fin n))) 
are the same type. 


” That depends on ’s values. 


This means that a good choice for fzero’s ms 


definition is ... 


Good choice. Now define fzero. 


... (nothing (Fin n)), even though it is 
something rather than nothing. 


Here it is. 


(define fzero 
(d (n) 
(nothing (Fin n)))) 
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Just as (fzero n) points at the head of a * Why do the two Fins have different 
(Vec X (add1 n)), fadd1 points arguments? 
somewhere in its tail. 


(claim fadd1 
(Nl ((n Nat)) 
(> (Fin n) 
(Fin (add1 n))))) 


Take a look at frame 48. There are two” The other is 
values for (Fin 2). The first is (just (Maybe Absurd) 
(nothing (Maybe Absurd)), (nothing Absurd) ). 


also known as (fzero 1). 


What is the other? 


For each layer of Maybe in the type, ” Tt adds the extra just. 
there is a choice between either stopping : 
with fzero (also known as nothing) and (define faddi 
continuing with just a value from the (d (n) - 

(s (+1) 


smaller type. Gust (Fin n) i2)))) 


Now define fadd1. 


Now it’s time to define vec-ref, so that " Here, there is no Maybe. 
there’s always something to eat from the 
menu. 


(claim vec-ref 
(1 (EY) 
(€ Nat)) 
(— (Fin €) (Vec E @) 
E))) 
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There are three possibilities: wari: depends first and foremost on ¢. The 
motive is built by abstracting the rest of 


1. the length @ is zero, the type over &. 


2. the length é has add1 at the top (define vec-ref 


and the Fin is fzero, or 


(d (E £) 
3. the length @ has add1 at the top (ind-Nat ¢ 
(— (Fin k) (Vec E k) 
E)) 


and the Fin is fadd1. 0d (k) 
1 


)) 
Good start. What is the base’s type? ™ Apply the motive to zero. 
(claim base-vec-ref 
(N ((E U)) 
(— (Fin zero) (Vec E zero) 
E))) 
The only constructor for (Vec E zero) is “The value of (Fin zero) is Absurd. 
vecnil, but vecnil does not contain any Es. 
What is the value of (Fin zero)? 
Because there are no Absurd values, the Okay. 
base can never be applied to its second 
argument’s value. (define base-vec-ref 
( (E) 
Use ind-Absurd to take advantage of this (X (no-value-ever es) 
fact. (ind-Absurd no-value-ever 
E)))) 
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Once again, it is found by the Law of 
ind-Nat. 


Now it is time to define the step. 


What is the step’s type? = 
(claim step-vec-ref 


(N ((E U) 
(é-1 Nat)) 
(— (— (Fin €-1) 
(Vec E £-1) 

E) 

(— (Fin (add1 £-1)) 
(Vec E (add1 £-1)) 

E)))) 


There are now two possibilities 
remaining: 


1. the Fin is fzero, or 


2. the Fin is fadd1. 


‘The value has Either at the top. 


1.| (Fin (addi ¢-1)) 
2. | (Maybe (Fin ¢-1)) 
3. | (Either (Fin £-1) Trivial) 


What is the value of (Fin (add1 €-1))? 


What can be used to check which Either” The only eliminator for Either is 
it is? ind-Either. 


If the Fin is fzero, then it has right at the 
top, and if it is fadd1, then it has left at 
the top. 


© 
ind-Either is used to distinguish between 
Either’s constructors. 


If the Fin has left at the top, then there 
should be recursion to check the Vec’s 
tail. If it has right at the top, then find 
the Vec’s head. 
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Indeed it is. Define the step. 


Now define vec-ref. 


70 
Here goes. 


(define step-vec-ref 
(s (E ¢-1) 
(X (vec-ref 2) 
(A (7 es) 
(ind-Either [ 
(d (1) 
E) 
(d (Hd) 
(vec-ref ¢1 
iI (tail es))) 
(d (triv) 
(head es))))))) 


” ‘Phe boxes are all filled. 


(define vec-ref 
(X (E 8) 
(ind-Nat ¢ 
(0 (A) 


E)) 
(base-vec-ref E) 
(step-vec-ref E)))) 


(— (Fin k) (Vec E k) 


Now that it’s clear how to find entries in 
menu, which one do you want? 


The second one? 


72 
The second one. 


™ Pardon me. 


The 


(fadd1 3 
(fzero 2))nd one, 


please. 
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Let’s find it. Here’s the first few steps. 


s 


(vec-ref Atom 4 
(fadd1 3 
(fzero 2)) 
menu) 
(Q (E 6) 
(ind-Nat ¢ 
0s (k) 
(— (Fin k) (Vec E k) 
E)) 
(base-vec-ref E) 
(step-vec-ref E))) 
Atom (add1 3) 
(fadd1 3 
(fzero 2)) 
menu) 
((ind-Nat (addi 3) 
( (k) 
(— (Fin k) (Vec Atom k) 
Atom)) 
(base-vec-ref Atom) 
(step-vec-ref Atom)) 
(fadd1 3 
(fzero 2)) 
menu) 
((step-vec-ref Atom (add1 2) 
(ind-Nat (addi 2) 
(» (k) 
(— (Fin k) (Vec Atom k) 
Atom)) 
(base-vec-ref Atom) 
(step-vec-ref Atom))) 
(fadd1 3 
(fzero 2)) 


menu) 


The motive, base, and step in the 
ind-Nat-expression do not change, so 
they are replaced with an ellipsis, just 
like in frame 13:34. 
((( (E &1) 
(\ (vec-ref¢1) 
(\ (f es) 
(ind-Either f 
0 (i) 
E 


( (1) 
(vec-ref ¢ 
il (tail es))) 
(A (triv) 
(head es)))))) 

Atom (add1 2) 
(ind-Nat (add1 2) ...)) 
(fadd1 3 

(fzero 2)) 
menu) 

(((\ (vec-refe1) 
(X (f es) 
(ind-Either f 
O() 

Atom) 

(A (1) 

(vec-ref ¢ 

i-1 (tail es))) 
(A (triv) 

(head es))))) 
(ind-Nat (add1 2) ...)) 
(fadd1 3 

(fzero 2)) 
menu) 


on 
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That's a good start. 
(d (f es) 
(ind-Either f 
(> (/) 
Atom) 
( (4) 


nN 


i-l (tail es))) 

(d (triv) 

(head es)))) 
(fadd1 3 
(fzero 2)) 
menu) 
(ind-Either (fadd1 3 
(fzero 2)) 


ad 


0 () 
Atom) 
(d (1) 
((ind-Nat (add1 2) 
1 (tail menu))) 
(d (triv) 
(head menu))) 
(ind-Either (left (fzero 2)) 
0s (i) 
Atom) 
d (-1) 
((ind-Nat (add1 2) ...) 
#1 (tail menu))) 
(d (triv) 
(head menu))) 
10.| ((ind-Nat (addi 2) ...) 
(fzero 2) (tail menu)) 


S 


((ind-Nat (add1 2) 


-) 


“a 


-| (step-vec-ref Atom (addi 1) 


(ind-Nat (add1 1) ...) 
(fzero 2) 
(tail menu)) 


| (Os (E &-1) 


(X (vec-ref ¢z) 

(X (f es) 
(ind-Either f 

Q (/) 
E) 

(s (id) 

(vec-ref ¢1 
i (tail es))) 
(d (triv) 
(head es)))))) 
Atom 
(addi 1) 
(ind- me (add1 1) ...) 
(fzero 2) 
(tail menu) ) 
((X (vec-ref¢s) 
(\ (f es) 
(ind-Either f 
d (/) 

Atom) 

(d (#1) 

(vec-ref ¢.4 

i-l (tail es))) 
(Xd (triv) 

(head es))))) 
(ind-Nat (add1 1) ...) 
(fzero 2) 

(tail menu) ) 
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Almost there! 1 


6.| (ind-Either (fzero 2) 
14. | ((X (F es) (d (/) 
(ind-Either f Atom) 
(d (/) (d (41) 
Atom) ((ind-Nat (addi 1) ...) 
(\ (F1) il (tail (tail menu)))) 
((ind-Nat (add1 1) ...) (d (triv) 
il (tail es))) (head (tail menu)))) 
(\ (triv) 17.| (head (tail menw)) 
(head es)))) 1s.| "kartoffelmad 
(fzero 2) 
(tail menu)) Finally, my 'kartoffelmad is here. 
15.| ((d (es) 
(ind-Either (fzero 2) 
0 (i) 
Atom) 
( (41) 


((ind-Nat (add1 1) ...) 
il (tail es))) 
(\ (triv) 
(head es)))) 
(tail menu)) 


Enjoy your sm¢grrebr¢d 


things are about to get subtle. 
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Turner’s Teaser 


Define a function that determines whether another function that accepts any number 
of Eithers always returns left. Some say that this can be difficult with types.t Perhaps 


they are right; perhaps not. 


(claim Two 
Uu) 
(define Two 
(Either Trivial Trivial)) 


(claim Two-Fun 
(— Nat 
Uu)) 
(define Two-Fun 
( (n) 
(iter-Nat n 
Two 
( (type) 
(—> Two 
type))))) 


(claim both-left 
(— Two Two 
Two)) 
(define both-left 
(\ (a b) 
(ind-Either a 
(d (c) 
Two) 
(\ (Jeft-sole) 
b) 
(X (right-sole) 
(right sole))))) 


(claim step-taut 
(1 ((n-1 Nat)) 
(— (— (Two-Fun n-1) 
Two) 
(— (Two-Fun (add1 n-1)) 
Two)))) 
(define step-taut 
(X (n-l taut,) 
0 (A) 
(both-left 
(tautn. 
(f (left sole))) 
(taut, 


(f (right sole))))))) 


(claim taut 
(1 ((n Nat)) 
(— (Two-Fun n) 
Two))) 
(define taut 
(A (n) 
(ind-Nat n 
(> (k) 
(— (Two-Fun k) 
Two)) 
(A (x) 
x) 
step-taut))) 


iThanks, Dayid A. Turner (1946-). 
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We have proved that many different 
expressions are equal. 


Not every pair of expressions are equal, 
however. Clearly, 


“39 is not equal to 117.” 


A statement is true when we have 
evidence that it is true. False statements 
have no evidence at all. 


That’s right. 


Can that statement also be written as a 
type? 


This sounds like Absurd. 


It does. 


The eliminator ind-Absurd corresponds to 
a principle of thought. 


If a false statement were true, then we 
might as well say anything at all. 


That principle’ is induction for Absurd. 


Here is the type that captures the 
meaning of the statement from frame 2. 


(— (= Nat 39 117) 
Absurd) 


T Also known as the Principle of Explosion or ex 


falso quodlibet, which means “from false, anything.” 


Tt says, 
“Tf there were a proof that 39 equals 


117, then there would be a proof of 
Absurd.” 


What principle is that? 


Sounds reasonable enough. 


Why does 


(> X 
Absurd) 


capture the meaning of “not X?” 


Providing evidence that 39 equals 117 as 
an argument to the function, whose type 
is in the preceding frame, would result in 
a proof of Absurd. And we know that no 
such proof exists. 
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There is no proof of Absurd, so there 
can’t be a proof of (= Nat 39 117). 


But if there are no Absurd values, then 
how can a “not” statement have a proof? 


What could be in the body of the 
-expression? 


The key is to carefully avoid having to 
write the body of the \-expression. 


With attention to detail and an open 
mind. 


First, we define what the consequences 
are of the fact that two Nats are equal. 


10 


How can that be achieved? 


What are the consequences? 


It depends on which Nats they are. 


(claim =consequence 
(— Nat Nat 
u)) 


Okay. What is the definition of 
=consequence? 


If zero equals zero, nothing interesting is 
learned. This can be represented using 
Trivial. 


To understand Trivial as a statement, 
consider how to prove it. 


What does Trivial mean as a statement? 


There is sole. 


That’s the proof. 
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There could be, but it would be 
pointless, 


There is only one Trivial value, so nothing 
is to be learned from eliminating it. 


Just like M and ©, normal expressions 
with type Trivial are always values. 


15 


16 


So Trivial is a boring statement that can 
always be proved. 


This is because every expression with 
type Trivial is the same as sole. 


The fact that Trivial is not an interesting 
statement makes it a perfect type to 
represent that nothing is learned from 


(= Nat zero zero). 


If 

(= Nat (add1 n-1) zero) 
or 

(= Nat zero (add1 j-1)) 


is true, then anything at all can be true. 
So the consequence is Absurd. 


" What else can be learned if two Nats are 


equal? 


That makes sense. 


Finally, if 
(= Nat (addi n-1) (addi j-1)) 


is true, what is the consequence? 


It must be that n-1 and j-l are equal 
Nats. 


This table represents the four 


possibilities. 
zero (add1 j1) 
zero Trivial Absurd 
(addl n-l)| Absurd (= Nat n-l j-l) 


20 


The function is not recursive, so 
which-Nat is enough. 
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2 
Here is =consequence’s definition. Each does. 


Check that each part of the table 
matches. 


(define =consequence 
(s(n Jj) 
(which-Nat n 
(which-Nat / 
Trivial 
AUD 
Absurd)) 
(\ (a-l) 
(which-Nat j 
Absurd 
(A G1) 
(= Nat n-t4))))))) 


If =consequence tells us it is true about nis clearly the same Nat as n. 
two equal Nats, then it should certainly 
be true when the Nats are the same. 


(claim =consequence-same 
(Ml (nm Nat)) 


How can this goal be written as a type? (=consequence n n))) 


2 


That's right. Here's the start of a proof. 


The motive is built by abstracting the 
ind-Nat-expression’s type over n. 


| (define =consequence-same 

1 (d (n) 

\ (ind-Nat n 

i(k) 

' (=consequence k k)) 
' 
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What is the base’s type? 


As usual, the base’s type is the motive 
applied to zero, which is 

Trivial. 
So the base is 

sole. 


What about the step? 


The step’s type is 
(1 ((n-t Nat)) 
(— (=consequence n-1 n-1) 
(=consequence 
(add1 n-2) 
(addi n-1)))), 


which is also found by applying the 
motive. 


The step has \ at the top. What type is 
expected in the empty box? 


(X (n-l almost) 


Now fill in the boxes and define 
=consequence-same. 


The value of 

(=consequence (add1 n-1) (addi n-1)) 
is 

(= Nat n-l n-l). 


n-l and n-1 are the same Nat, so 
(same n-1) fits in this box. 


Like zerop, the step’s second argument is 
dim because the function is not recursive. 


(define =consequence-same 
(s (n) 
(ind-Nat n 

(0 (k) 
(=consequence k k)) 

sole 

(A (n-l =consequence,.1) 
(same n-1))))) 
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Could =consequence-same have been 
defined with which-Nat? 


Now comes the tricky part. 


The proof of =consequence for Nats that 
are the same can be used to prove 
=consequence for any two equal Nats. 


20 


No. Because the type of the 
ind-Nat-expression depends on the target, 
ind-Nat is needed. 


If two Nats are equal, aren’t they the 
same? 


Not necessarily. Using types, it is 
possible to assume things that may or 
may not be true, and then see what can 
be concluded from these assumptions. 


How can the type 
(— (= Nat 0 6) 
(= Atom "powdered 'glazed)) 
be read as a statement? 


This is fortunate for those who have 
discriminating taste in desserts. 
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That type can be read, 


“If zero equals six, then powdered 
donuts are glazed donuts.” 


Because there is no evidence that 

“Zero equals six,” 
there are no suitable arguments for this 
function. 


Donuts can be part of a mid-afternoon 
fika as well as dessert. 


Imagine That ... 


Using types, it is possible to assume things that may or 
may not be true, and then see what can be concluded 


from these assumptions. 
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Sameness is not a type, it is a judgment, * Are more things equal than are the 
as seen in frame 8:21. same? 


Either two expressions are the same, or 
they are not the same, but there is no 
way to provide evidence of this sameness. 
Types, such as =-expressions, can have 
evidence. 


Indeed. There is a good reason that * How is this expressive power useful? 
more things are equal than are the same. 

The fact that any two expressions either 

are or are not the same means that we 

are freed from the obligation to provide a 

proof because sameness can be 

determined by following the Laws and 

Commandments. 


Equality requires proof, and therefore is 
more expressive. Recognizing a proof 
requires only the Laws and 
Commandments, but constructing a 
proof may require creativity, ingenuity, 
and hard work. 


Types can occur in other types. It is * Even the Absurd consequences? 
possible to assume that two Nats are 

equal, and then use that assumption to 

prove the consequences from frame 20. 


Sameness versus Equality 


Either two expressions are the same, or they are not. It 
is impossible to prove that they are the same because 
sameness is a judgment, not a type, and a proof is an 
expression with a specific type. 
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Even the Absurd consequences. 


It is not possible to prove Absurd, but it 
is possible to exclude those two Absurd 
cases using the equality assumption. 


So the statement to be proved is 


“If n and j are equal Nats, then the 
consequences from frame 20 follow.” 


Here is that statement as a type that 
explains how a proof that n and j are 
equal can be used. 


(claim use-Nat= 
(1 ((n Nat) 
U Nat)) 
(> (= Nat ns) 
(=consequence n /)))) 
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The proof definitely has \s at the top. 


Here comes the trick. 


replace can make n the same as /, which 
allows =consequence-same to prove 
use-Nat=. 


ar 


But what if they are not the same? 


‘Then there is no need to worry. 


If there is no evidence that n equals j, 
then there are no suitable arguments. 


Here is the definition with replace in the 
box. 


(\ (nj) 
(d (n=J) i 
(replace n=/ ; 
(=consequence-same_ ))))) 


The target is n=. 


Should n or j be the argument to 
=consequence-same? 
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What is the FROM and what is the TO in ” The FROM is nand the TO is Jj. This 
n=j’s type? means that the base’s type is the motive 
applied to n. 


40 


What about the entire It is the motive applied to /. 
replace-expression’s type? 
The base must be 


(=consequence-same n) 
because the FROM is n. 


What should the motive be? * The whole replace-expression is an 


(=consequence n j), 
so the motive should abstract over /. 


The nin the base’s type is replaced by /. 


12 


Now finish the definition. That was quite the trick! 
Remember that (define use-Nat= 
(d (nj) 

=consequence-same n 
wf (a (ni) 
is an (replace n=j 

(=consequence nn). (d (k) 

(=consequence n k)) 
(=consequence-same n))))) 
Is use-Nat= useful? 

It can be used to prove “ How does that proof work? 


“If zero equals six, then powdered 
donuts equal glazed donuts.” 
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The first step is to prove 


“Zero does not equal any Nat that has 
add1 at the top.” 


TThis statement is sometimes called no confu- 
sion or disjointness. 


That statement can be written as a type. 


(claim zero-not-add1 
(1 ((n Nat) 
(— (= Nat zero (add1 n)) 
Absurd) )) 


Use the table in frame 20 to find the 
consequences of zero being equal to 
(add1 n). 


What happens if use-Nat= is applied to 
zero and (add1 n)? 


6 


That’s Absurd. 


The type of 
(use-Nat= zero (add1 n)) 
is 
(— (= Nat zero (add1 n)) 
(=consequence zero (add1 n))), 
and 
(=consequence zero (add1 n)) 
and 
Absurd 


are the same type. 


Voila! The proof. 


Oh, it is. 


(define zero-not-add1 
(d (n) 
(use-Nat= zero (add1 n)))) 
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Now prove donut-absurdity. 


(claim donut-absurdity 
(—> (= Nat 0 6) 


(= Atom "powdered 'glazed))) 


If there were evidence that 
“0 equals 6,” 
then there would be evidence for 


anything at all, including strange facts 
about donuts. 


(define donut-absurdity 
(\ (zero=six) 
(ind-Absurd 
(zero-not-add1 5 zero=six) 
(= Atom 'powdered "glazed)))) 


What are the consequences if two Nats 
with add1 at the top are equal? 


According to the table, the Nats tucked 
under the add1s are also equal. 


This means that, 
“IE 

73 equals 73, 
then 

72 equals 72.” 


Prove this statement: 


“For every two Nats n and j, 


if 

(addl n) equals (add1 j), 
then 

n equals 7.” 


Tt is called sub1=. Because it is part of 
the table, use-Nat= is enough! 


(claim sub1= 
(TN ((n Nat) 
( Nat)) 
(— (= Nat (add1 n) (add1 /)) 
(= Nat n j)))) 
(define sub1= 
(d (74) 
(use-Nat= (add1 n) (add1 y)))) 
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Now prove that 1 does not equal 6. 


(claim one-not-six 
(—> (= Nat 1 6) 
Absurd)) 


Does the proof use induction? 


No. 


Induction is used to prove something for 
every Nat. For these specific Nats, it is 
not necessary. Just use zero-not-add1 
and sub1=. 


That’s a good strategy. 


Define one-not-six. 


Absurd is useful for more than just 
statements involving “not.” 


Just as ind-List can do anything that 
rec-List can do, ind-Vec can do anything 
that head can do. Sometimes, however, 
Absurd is a necessary part of such 
definitions. 


' sub1= can be used to show that, 


“If 1 equals 6, then 0 equals 5.” 


zero-not-add1 can be used to show that 0 
does not equal 5. 


” Here it is. 


(define one-not-six 
(\ (one=six) 
(zero-not-add1 4 
(sub1= 0 5 one=six)))) 


If that’s the case, then a function that 
behaves very much like head can be 
defined using ind-Vec. 


(claim front 
(N ((E U) 
(n Nat)) 
(— (Vec E (add1 n)) 


E))) 
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The direct approach used in previous ” Tt would be E, but no E is available 
invocations of ind-Vec does not work because vecnil is empty. 
here. 


What is the type of the expression that 
could fill the box? 
' (define front 
(\ (E € es) 
(ind-Vec (add1 @) es 
(X (k xs) 


' 

i 
' \ 
' ' 
\ i 
' ' 
' 1 
' ' 
'‘ ' 
' E) 1 
\ i 
' ' 
' ' 
' ' 
' ' 
' ' 
' f 


(A (k ht fronty.) 
h)))) 


There is no way to fill this box, but this " So the motive isn’t boring, is it? 
bad definition of front provides no 
evidence of that fact in the base. 


The solution is to change the motive so 
that the base’s type contains this 
evidence. 


ind-Vec can eliminate any Vec, but front ~ What motive can be used here? 
only works on Vecs whose length has 

add1 at the top. Because ind-Vec is too 

powerful for this task, it must be 

restricted to rule out the need for a base. 

This is done by carefully choosing the 


motive. 
What is the purpose of the motive in * ‘The motive explains how the type of the 
ind-Vec? ind-Vec-expression depends on the two 


targets. 
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mot-front has a type like any other ” Phis is no different from other uses of 
motive. ind-Vec. 


(claim mot-front 
(N (EU) 
(k Nat)) 
(> (Vec E k) 
u))) 


That’s right. "Please explain that definition. 


The definition of mot-front, however, is 
quite different. 


(define mot-front 
(A (E) 
(d (k es) 
(1 (Gj Nat)) 
(— (= Nat k (addi j)) 
E))))) 


The argument k is a target of ind-Vec. "If there were such a Jj, then zero would 
Both the base and the step now have two —_ equal (add1 /). But zero-not-add1 proves 
extra arguments: a Nat called j and a that this is impossible. 

proof that k is (add1 J). 


In the base, k is zero. Thus, there is no 
such /. 


Exactly. “What about the step? 


zero-not-add1 can be used with 
ind-Absurd to show that no value is 
needed for the base. 
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What is the step’s type? ° The step’s type follows the Law of 
ind-Vec. 


(claim step-front 
(N ((E U) 
(é Nat) 
(e E) 
(es (Vec E £))) 
(— (mot-front E 
é 
es) 
(mot-front E 
(add1 @) 
(vec:: e es))))) 


Here is the start of step-front. What “ ‘The box is a 
belongs in the box? (mot-front E 
fais aes ee (addi £) 


| (define step-front 
| (\ (E €ees) 
(\ (frontes) 


(vec:: € es)). 


' 
' 
' 
1 
1 
' 


Bia matananec cate 


What is the purpose of the expression "front is not really recursive—like zerop, 

that goes in the box’? the answer is determined by the top 
constructor of ind-Vec’s target. The 
answer is e, which is the first entry under 
vec:: in the list. 


What is the normal form of the empty ” ‘The normal form is 


box’s type (FH (Ui Nat)) 
(mot-front E (— (= Nat (addi ¢) (add1 j)) 
(add ¢) E)). 


(vec:: € es))? 
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What does this type mean? It means that the step builds a function 
that takes a Nat called j and evidence 
that (add1 £) is (add1 j), and then 
produces an E. The only E here is e. 


In the base’s type, the motive requires 
that zero has add1 at the top, so no base 
is needed. A step, however, can be 
written because (add1 ¢) does have add1 
at the top. 


What is the purpose of step-front? step-front finds the value of front for 
non-empty Vecs, which is the first entry 
in the Vec. 


Define step-front. Because front is not recursive, front. is 
dim. Similarly, the specific length is not 
important, because it is not zero. The 
empty box is filled with a function that 
ignores its arguments, resulting in e. 


(define step-front 

(x (E € ees) 

(X (fronte) 

( (i ea) 
e)))) 


Because the value of mot-front is a ” That's not right. front should find the 
N-expression, the ind-Vec-expression in first entry in a Vec, not a function. 
front has a function type. 


The function type found by mot-front —" Haw does that help? 
expects two arguments: a new Nat called 

Jj and evidence that the length of the Vec 

is (add1 J). 
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According to front’s type, the Vec’s * So the new Nat is £ because the length of 
length already has add1 at the top. the Vec is (add1 @). 

Yes. * Right. 

And, proving that Because (same (add1 £)) does it. 


“(add1 €) equals (add1 £)” 


does not require a complicated 
argument. 


Now, define front. Because the ind-Vec-expression’s type is 
a [-expression, it can be applied to 
and (same (add1 @)). 


(define front 
(\ (E £ es) 
((ind-Vec (add1 ¢) es 
(mot-front E) 
(\ GU eq) 
(ind-Absurd 
(zero-not-add1 j eq) 
E)) 
(step-front E)) 
(same (add1 £))))) 


Congratulations! ” This sounds like a valuable skill. 


Being able to design appropriate motives 
for definitions such as front is very 
important. A similar technique is used to 
write drop-last or rest using ind-Vec. 
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Finding values is a valuable skill as well. 


What is the value of 
1. | (front Atom 2 
(vec:: ‘sprinkles 
(vec:: "chocolate 
(vec:: "maple vecnil))))? 


” The first step is to apply front to its 
arguments. 


Mg 


((ind-Vec (add1 2) 
(vec:: "sprinkles 
(vec:: "chocolate 
(vec:: 'maple vecnil))) 
(mot-front Atom) 
(\ (eq) 

(ind-Absurd 
(zero-not-add1 j eq) 
Atom)) 

(step-front Atom)) 
2 (same (add1 2))) 


What’s next? 


” ind-Vec’s targets have add] and vec:: at 
the top, so step-front is next. 


3. 


= 


((step-front E 2 
‘sprinkles 
(vec:: "chocolate 
(vec:: 'maple vecnil)) 
(ind-Vec 2 (vec:: ‘chocolate 
(vec:: 'maple vecnil)) 
(mot-front Atom) 
(\ G eq) 
(ind-Absurd 
(zero-not-add1 j eq) 
Atom)) 
(step-front Atom))) 
2 (same (add1 2))) 
((A (J eq) 
'sprinkles) 
2 (same (add1 2))) 
‘sprinkles 


Take a cozy break for fika if you feel the ” See you in half an hour. 


need. 
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How was the coffee and donuts? 


Is every statement true or false? 


“Every statement is true or false.” is 
called the Principle of the Excluded 
Middle.* 


Sometimes, the Principle of the Excluded Mid- 
dle is called the “Law” of the Excluded Middle. It 
is also sometimes written tertium non datur, which 
means “there is no third choice.” 


” Laekert! 


80 


81 


Clearly. 


Let’s prove it. 


Write the statement 
“Bvery statement is true or false.” 
as a type. 


If a statement is false, it has no evidence. 
This can be written as an “ifthen” 
statement. 


“X is false” is written 
(3x 
Absurd). 


There is no evidence for pem. 


What would count as evidence for pem? 


Imagine That ... 


83 


st 
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Statements are types. How can “is false” 
be written as a type? 


“Every statement is true or false.” is a 
N-expression. 
Leek. ee ee 
i (claim pem 
(1 ((X &)) 
(Either X 
(+x 


Why not? 


Evidence for pem would be a function 
that determines the truth or falsity of 
every statement that can be written as a 


type. 
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Every single statement? 


This would mean that there are no 
unsolved problems. 


s 


“every.” 


Great! No more problems. 


7 Every single statement, because [1 means 


Life would be boring if we had no 
problems left to solve. 


That's right. 


That's right. It can’t possibly be false. 


Write 


“Every statement is true or false’ 
can’t possibly be false.” 


89 


So pem isn’t true, but it can’t possibly 
be false! 


It’s not true, but it can’t be false? 


In other words, 


“<“Byery statement is true or false” is 
false’ is false.” 


(claim pem-not-false 


(N ((X U)) 
as a type. (— (— (Either X 
(9x 
Absurd) ) 
Absurd) 
Absurd))) 
That's right. Now prove pem-not-false. "How? 


What counts as evidence for a 
N-expression? 


92 


A )-expression. 


1 (d(X) 
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What is the empty box’s type? 


That’s right. 


Continue the proof. 


What can be done with pem-false? 


95 


The empty box is an 
(> (— (Either X 


Absurd), 
so it should also be filled with a 
-expression. 


This new -expression accepts evidence 
that the Principle of the Excluded 
Middle is false for X as its argument. 
(define pem-not-false 
(d (X) 
(\ (pem-false) 


pem-false’s type has —> at the top, so it 
can be eliminated by applying it. The 
empty box’s type is Absurd, and 
pem-false would produce evidence of 
Absurd if it were applied to a suitable 
argument. 


What is the type of suitable arguments? 
\(define pem-not-false 
1 (A(X) 

\ (\ (pem-false) 
1 (pem-false 


tbs crt sity ‘ater 


"The box’s type is 


(Either X 
(4X 
Absurd)). 
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or 2 x 
There are two ways to construct one of No, left is not relevant because there is 


those. no evidence for X available. 


Is left relevant? What about right? 


(define pem-not-false SS 
(s (X) 
(\ (pem-false) 
(pem-false 


What is the empty box’s type now? The box’s type is 
(~x 
Absurd). 


What is evidence for an +? A >-expression. This new box’s type is 
Absurd. 


\ (define pem-not-false ' 
(sO) 
(\ (pem-false) ' 
(pem-false ' 
(right 

( (x) ' 


What can be used to make an Absurd? pem-false can. 
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Give it a try. 


This box’s type is 
(Either X 
(7X 
Absurd)). 


The difference is that there is now an X 
available. 


10 


102 


108 


Again? Okay. 


| (define pem-not-false 

1 O09 

\ (\ (pem-false) 

H (pem-false 

H (right 

: 0 (©) 

(pem-false | »y))) 


Isn’t this getting a bit repetitive? 


This means that left can be used. 


(define pem-not-false 
(d (X) 
(X (pem-false) 
(pem-false 


(right 
(r (x) 
(pem-false 


(left x)))))))) 


Nice proof. 


Very funny. 


If pem were true, then we would have 
evidence: a magical total function that 
solves every problem that we can write 
as a type. 


rat 


105 


But if the Principle of the Excluded 
Middle is not false, why isn’t it true? 


So evidence that a statement is not false 
is less interesting than evidence that it is 
true? 


Imagine That ... 
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106 
Exactly. Can “X is decidable” be written as a 


type? 
There are, however, some statements 
that are either true or false. These 
statements are called decidable because 
there is a function that decides whether 
they are true or false. 


It certainly can. “" ‘That looks a lot like pem. 
(claim Dec 
(~Uu 
u)) 
(define Dec 
(A (Xx) 
(Either X 
Xx 
Absurd)))) 
Another way to phrase pem is ™ So pem’s claim could have been written 
“All statements are decidable.” using Dec. 
1 (claim pem ‘ 
; ' 
1 (11 (X &)) ' 
a.) ee i 
Some statements are decidable, even ” How about deciding that this has been 
though not all statements are decidable. enough for today? 
Sure. Tomorrow, we encounter a  Tt’sa good thing there are more donuts. 


decidable statement. 


Enjoy your donuts 


you'll need your energy for tomorrow’s decisions. 
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This page is not unintentionally left blank. 
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Remember zerop from chapter 3? 


If nis a Nat, then (zerop n) is an Atom. 


2 


Refresh my memory. 


Which Atom is it? 


Good question. 


The type 


(— Nat 
Atom) 


is not particularly specific. 


The specific type that describes checking 
for zero can be written using Dec. 


(claim zero? 
(11 (G Nat)) 
(Dec 
(= Nat zero /)))) 


What would count as evidence for that 
statement? 


If the value of (zero? n) has left at the 
top, what is tucked under left? 


No, it isn’t. But, based on frame 3:43 on 
page 80, 
(zerop n) 


is 't when n is zero, and 'nil otherwise. 


" ‘That type says, 


“For every Nat j, it is decidable 
whether j equals zero.” 


’ A function that, given some j, decides 


whether j equals zero. 


5 
Evidence that n equals zero, because 


(Dec 
(= Nat zero n)) 
and 
(Either 
(= Nat zero n) 
(— (= Nat zero n) 
Absurd)) 


are the same type. 
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If the value of (zero? m) has right at the 
top, what is tucked under right? 


Evidence that n is not equal to zero. 


In other words, the type of zero? says 
that not only does it determine whether 
a number is zero, it also constructs 
evidence that it is the correct choice. 


The empty box’s type is 
(Dec 
(= Nat zero /)). 
Should it be filled with left or right? 


zero? is a function, so it has )\ at, the top. 


(define zero? 


' 0) 


That depends on j. Because the empty 
box’s type mentions the target /, ind-Nat 
must be used. 


What about the motive? 


0 


The motive can be found by abstracting 
over the target. 


(define zero? 
(x GU) 
(ind-Nat / 
(d (k) 
(Dec 
(= Nat zero k))) 


Why not abstract over zero in the base’s 
type? 


There are two zeros in the base’s type, 
but only one of them is the target. 


What is the base? Its type is 
(Dec 
(= Nat zero zero)). 


So, 


(left 
(same zero)) 


does the trick. 
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What about the step? 


Is zero ever equal to a Nat with add1 at 
the top? 


” ‘The step’s type is 
(1 (Gl Nat)) 
(> (Dec 
(= Nat zero j-1)) 
(Dec 
(= Nat zero (add1 j-1))))). 


u 


No. 


Prove that 
“zero is not equal to (add1 j-1) 


That's right. 


Use this to define the step. 


” The proof is (zero-not-add1 j-1). 


zero? is not really recursive, so zero?,., is 
dim. The proof that (add1 j-1) is not 
equal to zero is tucked under a right 
because Dec is defined to mean Either. 


(define zero? 
(dG) 
(ind-Nat / 
( (k) 
(Dec 
(= Nat zero k))) 
(left 
(same zero)) 
(A Gl zero?,.1) 
(right 
(zero-not-add1 j-1)))))) 


If It’s All the Same to You 


345 


prior permission, Violators will be prosecuted. 


zero? is both a proof that equality with * That’s a bold claim. 
zero is either true or false and a function (Gainna=? 
that decides whether any given Nat is (N ((n Nat) 
equal to zero. (j Naty) 
Na Me Nat m9) 
= Nat n 
“For every two natural numbers n and z 


j, it is decidable whether n equals j.” 


A claim requires a proof. * ‘That's a strange way to start the proof. 


(define nat=? What is the reason that the 


\ ( (nj) ' ind-Nat-expression is applied to j? 
1 ((ind-Nat_n i 
1 ; 
H ) ' 
The definition of front uses a more ” Ts nat=?’s base also unnecessary? 


informative motive to make apparent 
that the base is unnecessary. 


No, nat=? needs a base because it makes " Please point out where this is necessary. 
sense to apply it to zero as an argument. 


But a more informative motive is needed 
here in order to write the step, or else 
the almost-proof does not prove a strong 
enough statement. 
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Gladly. 


What is the motive’s type? 


2 


Every motive used with ind-Nat has the 
same type. 


(claim mot-nat=? 
(—> Nat 
U)) 


The more informative motive, read as a 
statement, says 

“For every Nat j, it is decidable 
whether j is equal to the target.” 


Write this as a function from the target 
to a type. 


Compare mot-nat=? to mot-front in 
frame 15:60 on page 330. 


2 


* The every means that there is a lM, and 
the target is the argument to the motive. 


(define mot-nat=? 
(X (k) 
(11 (G Nat)) 
(Dec 
(= Nat k s))))) 


© Both of them give [-expressions, so the 
base and step accept arguments. 


These arguments, however, serve 
different purposes. 


The extra arguments in front are used to 
make the types more specific to rule out 
the base. On the other hand, the extra 
argument in nat=? is used to make the 
type more general so that the 
almost-proofs can decide equalities with 
every Nat, instead of only the second 
argument to nat=?. 


Sometimes, the “motive” is more 
complicated than just “what” the base is. 


Speaking of the base, what is its type? 


' Neither motive is found by just 
abstracting over some constant, though. 


” ‘The base is a 
(11 (G Nat)) 
(Dec 
(= Nat zero /))). 
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What has that type? 


The step is still an empty box. What is 
its type? 


” zero? has that type. 


(4 (nj) 
((ind-Nat n 
mot-nat=? 
zero? 


” For ind-Nat, the type of the step is found 


using the motive. 


(claim step-nat=? 
(Fl ((n-l Nat)) 
(> (mot-nat=? n-L) 
(mot-nat=? (add1 n-1))))) 


The types of the step and the motive are _ 


determined by the Law of ind-Nat. Their 
definitions, however, may both require 
insight. 


Define step-nat=?. 


Here's a start. 


step-nat=?’s type has a [| and an —, but 


that definition has three \s. 


Why is the innermost \ present? 


The innermost \-expression is there 
because 
(mot-nat=? (add1 n-1)) 
and 
(1 (U Nat)) 
(Dec 


(= Nat (add1 n-1) s))) 
are the same type. 
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Now it is time to decide whether 
(add1 n-L) equals j. 


Checking whether / is zero requires an 
eliminator. 


If / is zero, then they are certainly not 
equal. 


ind-Nat is the only eliminator for Nat 
that allows the type to depend on the 
target, and j is in the type. 


| (define step-nat=? 

1 (\ (m1 nat=?,3 j) 

(ind-Nat j 

| (Kk) 

\ (Dec 

(= Nat (add1 1-1) k))) 


Marcel ep pape Seep ee erin 


In this definition, the base is much easier ml 


than the step. What is the base’s type? 


The base’s type is 
(Dec 
(= Nat (add1 n-1) zero)). 
The base has right at the top because 
(add1 n-1) certainly does not equal zero. 


Prove it. 


a7 
Prove what? 


Prove that 


“(add1 n-L) does not equal zero.” 


4 . 
Again? 
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zero-not-add1 is not a proof that * Ah. 


“(add1 n-1) does not equal zero.” (dlaim add1-not-zero 
(Tl ((m Nat)) 
(— (= Nat (addi n) zero) 
Absurd) )) 
(define add1-not-zero 
(X (n) 
(use-Nat= (add1 n) zero))) 


What is the base? ” ‘The base has right at the top, and uses 
add1-not-zero. 


| (define step-nat=? 
(\ (n-l nat=?n4 J) 
(ind-Nat / 
0 (k) 
(Dec 
(= Nat (add1 1-2) k))) 
(right 
(add1-not-zero n-1)) 


))) 


i pa gs ert Seti ial 


What is the step’s type? * The step isa 
(1) (Gl Nat)) 
(> (Dec 
(= Nat (add1 n-) j-1)) 
(Dec 
(= Nat (add1 n-1) (addi /1))))). 


If mot-nat=? didn’t produce a 7 Why is that? 
f-expression, we would be unable to 
write the step. 
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In order to decide whether 
(add1 n-L) equals (add1 #2), 

is it useful to know whether 
(add1 n-1) equals j-1? 


This means that the second argument to 
this step is dim. 


39 


40 


4 does not equal 3, but 4 certainly equals 


(add1 3). 


On the other hand, 4 does not equal 9, 
but 4 also does not equal (add1 9). 


How can the decision be made? 


| (define step-nat=? 
(\ (n-l nat=?n4 J) 
(ind-Nat / 
(A (4) 
(Dec 
(= Nat (add1 1-1) k))) 
(right 
(add1-not-zero n-1)) 
(A (Gl nat=?,.1) 


)))) 
be we ew eee ee ee eee ee ee eee eee eee a 
nat=?,; is able to decide whether n-l is “And that is the reason why mot-nat=? 
equal to any Nat. must have a [-expression in its body. 
Otherwise, nat=?,; would just be a 
statement about / that is unrelated to 
(add1 jl). 
What type does “ Itisa 
(nat=?,4 j-l) (Dec 
have? (= Nat nl j-l)) 
but the empty box needs a 
(Dec 
(= Nat (add1 nt) (addi j1))). 
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If we can decide whether 
n-l and j-l are equal, 

then we can also decide whether 
(add1 n-1) and (add1 j-1) are equal. 


(claim dec-addi= 
(NM ((n-1 Nat) 
(-l Nat)) 
(> (Dec 
(= Nat 
n-l 
it) 
(Dec 
(= Nat 
(add1 n-1) 
(add1 j-1)))))) 


Checking both cases means ind-Either. 


Start the definition. 


What goes in the first empty box? 


6 


If n-1 equals j-l, then cong can make 
(add1 n-1) equal (addi j-1). And if they 
are not equal, then working backwards 
with sub1= is enough to be Absurd. 


The motive in ind-Either ignores its 
argument because the type does not 
depend on the target. 


| (define dec-add1= 

| (d (al fl eg-or-not) 

| (ind-Either 

H (\ (target) 

H (Dec 

i (= Nat 

' (addi n-1) 
(addi #1)))) 
i) 


The first empty box needs an 
(— (= Nat n-l j-1) 
(Dec 
(= Nat (add n-1) (addi j-1)))). 
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That's the type. 


What about the contents of the box? 


The left is used because the answer is 
still, “Yes, they’re equal.” And cong with 
(+ 1) transforms evidence that 

“n-l equals j-l” 
into evidence that 

“(add1 n-1) equals (addi j-1).” 
The box should contain 

(d (yes) 

(left 
(cong yes (+ 1)))). 


Indeed. What goes in the second box? 


The contents of that second box will 
have right at the top. Why? 


In that box, right requires an 
(—> (= Nat (addi n-1) (add1 j1)) 
Absurd). 
That box has a variable available named 
no, with type 
(— (= Nat n-t j-1) 
Absurd). 


* ‘The second box’s type is 


(> (> (= Nat nt j-1) 
Absurd) 
(Dec 
(= Nat (add1 n-2) (addi j-1)))). 


Because if n-l and j-l are not equal, then 
(add1 n-1) and (add1 j-1) are also not 
equal. 


no proves Absurd when its argument is an 
(= Nat n-l jt), 
which can be found using sub1= like this: 


(d (n=) 
(no (sub1= n-1 j-1 n=j))). 
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Now complete the definition. 


Finish step-nat=?. 


” dec-add1= is a bit long. 


(define dec-add1= 
(X (n-l jl eq-or-not) 
(ind-Either eg-or-not 
(A (target) 
(Dec 
(= Nat (add1 n-1) (addi j-l))) 
(A (yes) 
(left 
(cong yes (+ 1)))) 


(sub1= n-l j-l 


n=J)))))))) 


Here it is. 


(define step-nat=? 
(\ (n-l nat=?na J) 
(ind-Nat / 

(0 (k) 

(Dec 
(= Nat (add1 n-L) k))) 

(right 
(add1-not-zero n-1)) 

(A Gl nat=?n-1) 
(dec-add1= n-l j-1 


(nat=7,4 j-1)))))) 
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Now that the motive, the base, and the > It is decidable whether two natural 
step are completed for nat=?, it can be numbers are equal. 
given a solid box. 


(define nat=? 


(d (nj) 
((ind-Nat n 
mot-nat=? 
zero? 
step-nat=?) 
J))) 
Just like even-or-odd, nat=? is both a 7 Why was there no food in this chapter? 
proof that makes a statement true and a 
function that determines whether any 
two numbers are equal. Because nat=? is 
total and because it provides evidence, 
there is no way that it can find the 
wrong value. 
Numbers nourish our minds, not our “ But a weak body leads to a weak mind. 


bodies. 


Go enjoy a banquet 


you’ve earned it! 
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Pie is a small language—small enough to 
be understood completely. Now, it may be 
time to continue with more sophisticated 
dependently typed languages.' 

In addition to type constructors like N 
and ©, these languages include five exten- 
sions: infinitely many universes, the ability 
to define new type constructors and their 
associated data constructors, the ability to 
define functions through pattern matching, 
the ability to leave out expressions that the 
language can find on its own, and tactics 
for automating proof construction. 


A Universe Hierarchy 


In Pie, there is a single universe type, 
called UY. While U is a type, U does not de- 
scribe itself nor any type that can contain a 
U, such as (List ). While more universes 
are not needed for any of the examples 
in this book, it is sometimes necessary to 
have a type that describes U (and some- 
times even a type that describes the type 
that describes /). By including infinitely 
many universes, each describing the pre- 
vious ones, more sophisticated languages 
ensure that there are always sufficient uni- 
verses to solve each problem. 


Inductive Datatypes 


Some types that one might propose do 
not make sense. Restricting Pie to a 
fixed collection of types ensures that no 
type can undermine the system as a 
whole. Some problems, however, cannot 
be easily expressed using the tools in this 
book. More sophisticated languages allow 
for adding new datatype type construc- 


1Examples include Coq, Agda, Idris, and Lean. 
>Thanks, Peter Dybjer (1953-). 
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tors.? These new types are called inductive 
datatypes because their eliminators express 
the mathematical idea of induction. 

If Pie did not already feature lists, then 
adding them could require the following 
declaration: if E isa U, then (List E) isa. 
In addition, there are two constructors: nil, 
which is a (List E), and ::, which needs two 
arguments. The name for an eliminator 
is also needed. The Laws and Command- 
ments for the eliminator are based on the 
provided constructors. 


(data List ((E 2/)) () 
(nil () 
(List E)) 
(:: ((e E) (es (List E))) 
(List E)) 
ind-List) 


These new inductive datatypes might have 
both parameters, which do not vary be- 
tween the constructors, and indices, which 
can vary between them (as discussed in 
frame 11:14). For Vec, the first argument 
is a parameter, while the length varies be- 
tween vec:: and vecnil. 


(data Less-Than () ((j Nat) (« Nat)) 
(zero-smallest (( Nat)) 
(Less-Than zero (add1 n))) 
(add1-smaller ((j Nat) 
(k Nat) 
(i<k (Less-Than j k))) 
(Less-Than (add1 j) (add1 k))) 
ind-Less-Than) 


As an example of an indexed family, 
the datatype Less-Than is evidence that one 
number is smaller than another. Because 
the constructors impose different values on 
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each Nat, the Nats are indices. The Law of 
ind-Less-Than follows a pattern that should 
be familiar from other types: if target is a 


(Less-Than j k), 
mot is a 
(N (GY Nat) 
k Nat)) 
(— (Less-Than j k) U)), 
base is a 
(11 ((k Nat) 
ft (Less-Than zero (add1 k)))) 
(mot zero k It)), 


and step is a 
(11 (GU Nat) 
k Nat) 
(j<k (Less-Than j k))) 
(— (mot j k j<k) 
(mot (add1 /) (add1 k) 
(add1-smaller j k j<k)))), 


then (ind-Less-Than target mot base step) 
is a (mot j k target). 

The ability to define new datatypes 
makes it much more convenient to do com- 
plicated things in these other languages. 
Furthermore, using eliminators directly, as 
we have in Pie, is not particularly conve- 
nient for larger problems. 


Recursive Functions with 
Pattern Matching 


The basic principle of eliminators is that 
for each constructor, we need to explain 
what must be done to satisfy the motive 
using the information inside the construc- 
tor. Recursion is made safe by having each 
eliminator be responsible for ensuring that: 
recursive computation is performed only 
on smaller values. 


>Thanks, Thierry Coquand (1961-). 
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An alternative way to define functions 
is with pattern matching and a safe form of 
recursion.* More sophisticated languages 
also allow recursive functions to be defined 
by directly explaining what action to take 
with each possible value. For instance, 
Jength could have been written as follows: 


(claim length 
(1 ((E Nat)) 
(— (List E) Nat))) 
(define length 
(A (E es) 
(match es 
(nil zero) 
((:1 x xs) (add1 (length xs)))))) 


While recursion is not an option in 
Pie, sophisticated languages have addi- 
tional checks to ensure that recursion is 
only used safely, and can thus allow it. 

While front’s definition in frame 15:74 
requires a more informative motive to rule 
out the vecnil case, as well as extra argu- 
ments to satisfy the motive, a definition 
with pattern matching is more direct. Not 
only does it work, but it is also more un- 
derstandable and more compact. 


(claim front 
(Nl ((E U) 
(n Nat)) 
(— (Vec E (addi n)) E))) 
(define front 
(\ (E nes) 
(match es 


((vec:: x xs) x)))) 


Sometimes, we only care that we have 
evidence for a statement, not which ev- 
idence it is. In such situations, writing 
the evidence out explicitly is not always 
appealing—especially when that evidence 
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consumes many pages. Truly verbose evi- 
dence can even require a whole bookshelf, 
while being repetitive and tedious rather 
than pithy and interesting. 


Implicit Arguments 


Programs written with dependent types 
have a tendency to grow quickly. For in- 
stance, length requires not only a list, but 
also the type of entries in that list, and 
vec-append requires the type of entries and 
the respective lengths of the vectors being 
appended. This information, however, is 
already available in the types of later ar- 
guments, so it would be convenient to be 
able to omit some of it. 

More sophisticated languages provide 
a mechanism called implicit or hidden ar- 
guments.’ These arguments are to be dis- 
covered by the system, rather than the re- 
sponsibility of the user. 

Pie could be extended with implicit ar- 
guments. One way to do this would be to 
add three new syntactic forms: 


1. an implicit , say N*, that works just 
like the ordinary N, except that its 
arguments are marked implicit, 


2. an implicit \, say \*, that works just 
like the ordinary \, except that its 
arguments are marked implicit, and 


3. an implicit function application, say 
implicitly, that marks its arguments 
as filling an implicit rather than ex- 
plicit role. 


With these features, length could be 
written so that the type of entries is hid- 
den, and automatically discovered. 


‘Thanks, Randy Pollack (1947-). 
°Thank you, Robin Milner (1934-2010). 
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(claim length 
(M+ ((E U)) 
(— (List E) Nat))) 
(define length 
(r+ (E) 
(X (es) 
(rec-List es 
0 
(r (e es 0) 
(addi ¢)))))) 


Then, the expression 

(length (:: "potato (:: "gravy nil))) 
would be the equivalent of having written 

(length Atom (:: "potato (:: "gravy nil))) 
in Pie using the definition of length from 
chapter 5. Similarly, 

(implicitly length Atom) 
would be an 

(— (List Atom) Nat). 
Implicit arguments allow definitions to be 
just as concise as the built-in constructors 
and eliminators. 


Proof Tactics 


Here is another way to define even-or-odd. 
Instead of directly constructing the evi- 
dence that every natural number is either 
even or odd, this version uses proof tactics" 
to automate the definition. 

A tactic is a program in a special lan- 
guage that is provided with a desired type 
(called a goal) that either succeeds with 
zero or more new goals or fails. Further 
tactics can then be deployed to solve these 
new goals until all tactics have succeeded 
with no remaining goals. Then, evidence 
for the original goal is the result of the 
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tactic program. If Pie had tactics, then ev- 
idence for even-or-odd could be constructed 
with a tactic script instead of being written 
as an expression. 


(claim even-or-odd 
NM ((n Nat)) 

(Either (Even nm) (Odd n)))) 
(define-tactically even-or-odd 
intro n) 
elim n) 
apply zero-is-even) 
intro n-1 e-or-0,) 
elim @or-0p;) 
then 

right 

(apply addi-even— odd) 

auto) 
then 

left 

(apply addi-add-even) 

auto)) 


Here, intro is a tactic that succeeds 
when the goal type has lM at the top, bind- 
ing the name given as an Atom using i. 
elim uses an appropriate eliminator, here 
ind-Nat and ind-Either, respectively. apply 
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uses an expression to solve the goal, but 
leaves behind new goals for each argument 
needed by the expression. then causes each 
tactic in sequence to be used in all of the 
new goals from the preceding tactic. When 
used as tactics, right and left succeed when 
the goal has Either at the top, and provide 
Either’s respective argument types as new 
goals. auto takes care of simple evidence 
completely on its own. The result of these 
tactics is the same as the even-or-odd de- 
fined in chapter 13. 

Tactics can be combined to create new 
tactics, which allows even very complicated 
and tedious evidence to be constructed us- 
ing very small programs. Furthermore, it 
is possible to write one tactic that can solve 
many different goals, allowing it to be used 
again and again. 

Each sophisticated language for pro- 
gramming and proving has some mix of the 
useful, yet more complicated, features de- 
scribed here. Do not be concerned—while 
these languages have features that make 
programs easier to write, the underlying 
ideas are the familiar ideas from Pie. We 
wish you the best in your further explo- 
ration of dependent types. 
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Some Books You May Love 


Flatland: A Romance of Many Dimensions 
by Edwin A. Abbott. Seeley & Co. of London, 1884. 


Gédel’s Proof 

by Ernest Nagel and James R. Newman. NYU Press, 1958. 
Grooks 

by Piet Hein. MIT Press, 1966. 


Gédel, Escher, Bach: An Eternal Golden Braid 
by Douglas R. Hofstadter. Basic Books, 1979. 


To Mock a Mockingbird and Other Puzzles 
by Raymond Smullyan. Knopf, 1985. 

Sophie’s World: A Novel About the History of Philosophy 
by Jostein Gaarder. Farrar Straus Giroux, 1995. 


Logicomiz 
by Apostolos Doxiadis, Christos H. Papadimitriou, Alecos Papadatos, and 
Annie Di Donna. Bloomsbury USA, 2009. 


Computation, Proof, Machine: Mathematics Enters a New Age 
by Gilles Dowek. Cambridge University Press, 2015. 
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This appendix is for those who have some background in the theory of programming 
languages who want to compare Pie to other languages or who want to implement Pie 
from scratch. Three good books that can be used to get this background are Harper’s 
Practical Foundations for Programming Languages, Pierce’s Types and Programming 
Languages, and Felleisen, Findler, and Flatt’s Semantics Engineering with PLT Redes. 

When implementing dependent types, there are two questions to be answered: when 
to check for sameness, and how to check for sameness. Our implementation of Pie uses 
bidirectional type checking (described in the section Forms of Judgment) to decide 
when, and normalization by evaluation (described in the section Normalization) as 
the technique for checking sameness. 


Forms of Judgment 


While Pie as described in the preceding chapters is a system for guiding human judg- 
ment, Pie can also be implemented in a language like Scheme. In an implementation, 
each form of judgment corresponds to a function that determines whether a particular 
judgment is believable by the Laws and Commandments. To make this process more 
straightforward, implementations of Pie have additional forms of judgment. 

Although chapter 1 describes four forms of judgment, this appendix has additional 
details in order to precisely describe Pie’s implementation. In the implementation, ex- 
pressions written in the language described in the preceding chapters are simultaneously 
checked for validity and translated into a simpler core language. Elaboration into Core 
Pie can be seen as similar to macro expansion of Scheme programs. 

Only the simpler core language is ever checked for sameness. The complete gram- 
mars of Pie and Core Pie are at the end of the appendix, on pages 392 and 393. When 
the distinction between them is important, e is used to stand for expressions written in 
Pie and c is used to stand for expressions written in Core Pie. 

The forms of judgment for implementations of Pie are listed in figure B.1. When a 
form of judgment includes the bent arrow ~, that means that the expression following 
the arrow is output from the elaboration algorithm. All contexts and expressions that 
precede the arrow are input to the elaboration algorithm, while those after the arrow 


T ctx T is a context. 

[+ fresh ~ x T does not bind a. 

T+ x lookup ~ ¢ Looking up 2 in T yields the type ¢;. 

Tre, type~ ¢ e; represents the type c;. 

Tke, =cp type c, and c2 are the same type. 

Tree are Checking that e can have type cz results in ce. 

[Fe synth ~ (the cc.) From e, the type c; can be synthesized, resulting in c¢.. 
Te ey =co: c, is the same ¢; as C2. 


Figure B.1: Forms of Judgment. 
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are output. When there is no ~+ in a form of judgment, then there is no interesting 
output, and the judgment’s program can only succeed or fail. 

When a form of judgment includes a turnstile |, the position before the turnstile 
is a context. Contexts assign types to free variables. In Pie, the order of the variables 
listed in a context matters because a type may itself refer to variables from earlier in the 
context. Contexts are represented by the variable P’,! and are described by the following 
grammar: 

rT s= e Empty context 
| T,e:eq Context extension 


In Scheme, contexts can be represented by association lists that pair variables with their 
types. 

Forms of judgment occur within inference rules. An inference rule consists of a 
horizontal line. Below the line is a conclusion, and above the line is any number of 
premises. The premises are either written next to each other or on top of each other, 
as in figure B.2. The meaning of the rule is that, if one believes in the premises, then 
one should also believe in the conclusion. Because the same conclusion can occur in 
multiple rules, belief in the premises cannot be derived from belief in the conclusion. 
Each rule has a name, written in SMALL Caps to the right of the rule. 


premiseg 
remis — remise, premise, 
P mo = "___ [NAME] — [NAME] 
conclusion conclusion 


Figure B.2: Inference Rules 


When reading the rules as an algorithm, each form of judgment should be imple- 
mented as a function. When an expression occurs in input position in the conclusion of 
an inference rule, it should be read as a pattern to be matched against the input. When 
it is in output position, it should be read as constructing the result of the algorithm. 
When an expression occurs in an input position in a premise, it represents input being 
constructed for a recursive call, and when it occurs in the output position in a premise, 
it represents a pattern to be matched against the result returned from the recursive call. 
Italic variables in patterns are bound when a pattern matches, and italic variables in a 
construction are occurrences bound by patterns, in a manner similar to quasiquotation 
in Scheme. If any of the patterns do not match, type checking should fail because the 
rule is not relevant. If all the patterns match, type checking should succeed, returning 
the constructed result after the bent arrow. If there is no bent arrow, then type checking 
should indicate success by returning a trivial value, such as the empty list in Scheme or 
the element of the unit type in some other language. 


‘TP is pronounced “gamma.” 
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T ctx None 

[TF fresh ~ x T is a context. 

[+ @ lookup ~ c; T is a context. 

Tre, type~ ce T is a context. 

The, =c2 type T is a context, and c; and cz are both types. 
TRee€ yc, T is a context and c; is a type. 

Tre synth~ (the cc.) TI is a context. 

The, =c2: T is a context, c¢ is a type, c1 is ac, and co isa Gq. 


Figure B.3: Presuppositions 


Each form of judgment has presuppositions that must be believed before it makes 
sense to entertain a judgment. In a type checking algorithm, presuppositions are 
aspects of expressions that should have already been checked before they are provided as 
arguments to the type checking functions. The presuppositions of each form of judgment 
are in figure B.3. 

When matching against a concrete expression in a rule, the algorithm must reduce 
the expression enough so that if it doesn’t match, further reduction cannot make it 
match. Finding a neutral expression or a value that is the same as the expression being 
examined is sufficient. A concrete implementation can do this by matching against the 
values used in normalization rather than against syntax that represents these values. 
This also provides a convenient way to implement substitution by instantiating the 
variable from a closure instead of manually implementing capture-avoiding substitution. 


| Input Output 
Conclusion Pattern Construction 
Premise | Construction Pattern 


There are two putative rules that govern T ctx: EmpryCrx and ExrCrx. 


T ctx TrKa =a type 


—_ [Empr 
x [Emery Cxx] Tyo nc: ctx 


GE {ExrCrx] 


Rather than repeatedly checking that all contexts are valid, however, the rest of the 
rules are designed so that they never add a variable and its type to the context unless 
the type actually is a type in that context. This maintains the invariant that contexts 
contain only valid types. Thus, [ etx need not have a corresponding function in an 
implementation. 

From time to time, elaboration must construct a variable that does not conflict 
with any other variable that is currently bound. This is referred to as finding a fresh 
variable and is represented as a form of judgment + fresh ~ 2. This form of judgment 
can either be implemented using a side-effect such as Lisp’s gensym or by repeatedly 
modifying a name until it is no longer bound in I. 

Because the algorithmic system Pie is defined using elaboration that translates Pie 
into Core Pie, it does not make sense to ask whether a Core Pie expression is a type 
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or has a particular type. This is because the translation from Pie to Core Pie happens 
as part of checking the original Pie expression, so the input to the elaboration process 
is Pie rather than Core Pie.? The rules of sameness have been designed such that only 
expressions that are described by a type are considered the same, and only types are 
considered to be the same type. This means that sameness judgments can be used 
to express that one expression describes another, or that an expression is a type. An 
example of this approach can be seen in ExrCrx, where c, being a type under I is 
expressed by requiring that it be the same type as itself under T. 


Normalization 


The process of checking whether the judgments [+ c; = cg type and T+ cy =ca: 
are believable is called conversion checking. To check for conversion, the Pie imple- 
mentation uses a technique called normalization by evaluation,’ or NbE for short. The 
essence of NbE is to define a notion of value that represents only the normal forms of the 
language, and then write an interpreter from Core Pie syntax into these values. This 
process resembles writing a Scheme interpreter, as is done in chapter 10 of The Little 
Schemer. Then, the value’s type is analyzed to determine what the normal form should 
look like, and the value itself is converted back into syntax. Converting a value into 
its normal form is called reading back the normal form from the value. 

The notion of value used in NbE is related to the notion of value introduced in 
chapter 1, but it is not the same. In NbE, values are mathematical objects apart 
from the expressions of Pie or Core Pie, where the results of computation cannot be 
distinguished from incomplete computations. Examples of suitable values include the 
untyped \-calculus, Scheme functions and data, or explicit closures. 

Evaluation and reading back are arranged to always find normal forms. This means 
that the equality judgments can be decided by first normalizing the expressions being 
compared and then comparing them for «equivalence. While the typing rules are 
written as though they use only the syntax of the surface and core languages, with 
capture-avoiding substitution to instantiate variables, an actual implementation can 
maintain closures to represent expressions with free variables, and then match directly 
on the values of types rather than substituting and normalizing. 

Here, we do not specify the precise forms of values, nor the full normalization proce- 
dure. Indeed, any conversion-checking technique that respects the Commandments for 
each type, including the 7-rules, is sufficient. Additionally, there are ways of comparing 
expressions for sameness that do not involve finding normal forms and comparing them. 
The Commandments are given here as a specification that the conversion algorithm 
should fulfill. See Andreas Abel’s habilitation thesis Normalization by Evaluation: 
Dependent Types and Impredicativity for a complete description of NbE. 


?It would be possible to write a separate type checker for Core Pie, but this is not necessary. 
$Thanks, Ulrich Berger (1956-), Helmut: Schwichtenberg (1942-), and Andreas Abel (1974—). 
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The Rules 


The rules use italic letters to stand for arbitrary expressions, and letters are consistently 
assigned based on the role played by the expression that the letter stands for. Letters 
that stand for other expressions are called metavariables. Please consult figure B.1 to 
see which positions are written in which language, and figure B.4 to see what each 
metavariable stands for. 

When one metavariable stands for the result of elaborating another expression, the 
result has a lower-case letter o (short for output) as a superscript. So b° is the result 
of elaborating an expression b. When the same metavariable occurs multiple times in 
a rule, each occurrence stands for identical expressions; if there are multiple metavari- 
ables that play the same role, then they are distinguished via subscripts. Sometimes, 
subscripts indicate a sequence such as %...%,. Otherwise, the subscripts 1 and 2 
or 3 and 4 are used for expressions that are expected to be the same. Even though 
two metavariables have different subscripts, they may nevertheless refer to the same 
expression; the subscripts allow them to be different but do not require them to be 
different. 

The most basic rules are those governing the interactions between checking and 
synthesis. Changing from checking to synthesis requires an equality comparison, while 
changing from synthesis to checking requires an annotation to check against.! Annota- 
tions are the same as the annotated expression. 


THX type~ X° [+ expr e X° ~ expr? 
[+ (the X expr) synth ~+ (the X° expr°) 


[THE] 


[' expr synth ~ (the X, expr”) Tt X, = Xe type 
Th expre X2~ expr? 


[Swircu] 


To read these rules aloud, take a look at the labeled copy of THE below. Start 
below the line, in the conclusion, and identify the form of judgment. In this case, it 
is type synthesis. Begin at the position labeled A. If the input matches (that is, if 
the current task is to synthesize a type for a the-expression), proceed to the premises. 
Identify the form of judgment used in the first premise B: that X is a type. Checking 
that X is a type yields a Core Pie expression X° as output, at position C. This Core Pie 
expression is used as input to the next premise, at position D, which checks that expr 
is an X°, yielding an elaborated Core Pie version called expr® at position E. Finally, 
having satisfied all of the premises, the result of the rule is constructed at position F. 


®@rrx type ~ (©C)X° OP t expr e X°~ © expr” 
@) T+ (the X expr) synth ~~ ()(the X?° expr’) 
‘Thanks, Benjamin C. Pierce (1963-) and David N. Turner (1968-). 


(THE] 
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A the-expression is the same as its second argument. Try reading this rule aloud. 


TH expr = expr. : X 
[TF (the X expr,) = expra: X 


[THESAME] 


Aside from [THE], [SwiTcH], and one of the rules for U, the rules fall into one of 
a few categories: 
1. formation rules, which describe the conditions under which an expression is a type: 
2. introduction rules, which describe the constructors for a type: 
3. elimination rules, which describe the eliminators for a type; 
4 


. computation rules, which describe the behavior of eliminators whose targets are 
constructors; 


. y-rules, which describe how to turn neutral expressions into values for some types; 
and 


or 


6. other sameness rules, which describe when sameness of subexpressions implies 
sameness of whole expressions. 


Formation, introduction, and elimination rules correspond to the Laws, while the re- 
maining rules correspond to the Commandments. The names of rules begin with an 
indication of which family of types they belong to. For instance, rules about Atom 
begin with AToM, and rules about functions begin with FUN. Formation, introduction, 
and elimination rules then have an F, I, or E, respectively. Computation rules include 
the letter t (pronounced “iota”) in their names, with the exception of [FUNSAME-/] and 
(TuHESAME}. The y-rules contain 7 in their names, and the other sameness rules are 
named after the syntactic form at the top of their expressions. 


Sameness 


Sameness is a partial equivalence relation; that is, it is symmetric and transitive. 
Additionally, the rules are arranged such that, for each type, the expressions described 
by that type are the same as themselves. It is important to remember that rules whose 
conclusions are sameness judgments are specifications for a normalization algorithm, 
rather than a description of the algorithm itself. Algorithms for checking sameness do 
not typically include rules such as [SAMESYMM] on page 370 because it could be applied 
an arbitrary number of times without making progress. 
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Role 

car of a pair 

Type of car of a pair 
Argument to a function 

Type of argument to a function 
Base 

Type of base 

cdr of a pair 

Type of cdr of a pair 

Entry in a list or vector 

Type of entries in a list or vector 
Entries in a list or vector 

Any expression 

FROM 

A function expression 

Length of Vec 

Evidence for left type in Either 
Middle of transitivity 

Motive 

A natural number 

Left type in Either 

A pair 

Result of a function 

Type of result of a function 
Evidence for right type in Either 
Step 

Right type in Either 

Target 

TO 

Variable names 

Any type 


Mnemonic 
car 

CAR 
argument. 
Argument 

b is for base 
B is for base 
cdr 

CDR 

e is for entry 
ENTRY 
Plural of e 
expr is an expression 


function 
£ is for length 
It is short for left 


m is for motive 

nis for natural 

The Port is on the left 

pr is for pair 

r is for result 

R is the type of the result 

rt is short for right 

s is for step 

The Starboard is on the right 
t is for target 


x and y are frequently unknown 
X,Y, or Z can be any type 


Figure B.4: Metavariables 
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1 = HX 

= ee [SAMESYMM] 

[TF expr, = exprg : X 

TF expr; = exprn: X [TF eapro = exprz : X 
Tk expr, = expr3 : X 


[SAMETRANS] 


Variables 


The form of judgment with fewest rules is [ | x2 lookup ~ c;. It has two rules: 
LookupStop and LookupPop. 


T,a:X + ¢ lookup~ X [omKinesaae) 


wy T & lookup ~ X 
T,y: Y + @ lookup ~ X 


[LookuPPop] 


Read aloud, LOOKUPSTOP says: 
| To look up x in a context [ja : X, succeed with X as a result. 


and LookuPPoOP says: 


To look up « in a context [',y : Y, make sure that « and y are not the 
same name, and then recursively look up « in [. 


Together, these rules describe looking up a name in an association list using Scheme’s 
assoc to find a name-type pair. Looking up a variable is used in the rule HYPOTHESIS, 
which describes how to synthesize a type for a variable. 


T+} lookup ~~ X 
[Tt a synth ~ (the X zr) 


[HYPOTHESIS] 


To read Hyporuesis aloud, say: 


To synthesize a type for a variable x, look it up in the context T. If 
the lookup succeeds with type X, synthesis succeeds with the Core Pie 
expression (the X 2). 
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The conclusion of HYPOTHESISSAME rule below is a judgment of sameness, so it is 
a specification for the normalization algorithm. 
[+ x lookup ~ X 


BE =a ae [HYPOTHESISSAME] 


HYPOTHESISSAMB says: 


If a variable x is given type X by the context I, then conversion 
checking must find that a is the same X as 2. 


As you read the rest of this appendix, remember to read the rules aloud to aid under- 
standing them. 


Atoms 


In these rules, the syntax [sym] stands for a literal Scheme symbol that satisfies the 
definition of atoms in chapter 1: namely, that they consist of a non-empty sequence of 
letters and hyphens. 


[AtoMF] [ATOMSAME-Atom] 


Tt Atom type ~ Atom T+ Atom = Atom type 


[AromI] 


TE '[sym] synth ~ (the Atom '[sym]) 


Ten = tel ae [ATOMSAME-TICK] 


Pairs 


Tt A type ~ A° T,cz:A°}D type~ D? 
TF (ZX ((a A)) D) type ~ (= ((@ A°)) D°) 


[ZF-1] 


TEA type~ A? 
T,a: A°F (Z ((@1 Ai) ... (@n An)) D) type~ X 


TPE (GA) Ci As) (m A,)) D) pes (Z(G A) PP 
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TFA type~ A? Tt fresh ~ x T,x: A°F D type~ D° [ZF-Pair] 
T+ (Pair A D) type ~ (Z ((x A°)) D°) 


[+ A; = Az type T,a:A,' D, = D2 type 
XSAME-X 
PF (© ((w Ai) Di) = (© ((e Aa)) Da) type | 


The second premise in XI below contains the expression D[a’/z]. The brackets 
mean that capture-avoiding substitution should be used to consistently replace every 
xz in D with a°. This can be implemented by using values with closures rather than 


explicit substitution. 


Trae Ana’ Tedé D{a?/a] ~ d? 
TF (cons a d) € (X ((a A)) D) ~ (cons a® d® 
Try reading XI aloud. 


y 


TRa,=a,:A Tt dy =d2: Dia, /2] 
TF (cons ay dy) = (cons ag dg) : (& ((a A)) D 


j [= SAME-cons] 


T+ pr synth ~ (the (X (( A)) D) pr®) (EE-1] 
T (car pr) synth ~ (the A (car pr®)) 


DF pri = pra: (2 ((x A)) D) 


TF (car pr,) = (car pro): A eases | 


Th a, =az:A T.2a:Atd=d:D 


TE (ear (cons a; d)) =ay: A poe) 


TF pr synth ~ (the (X ((a A)) D) pr?) [ZE-2] 
TE (cdr pr) synth~ (the D[(car pr’)/a] (cdr pr®)) 


TE pri = pr: (2 ((w A)) D) 
T+ (cdr pry) = (cdr pro) : D[(car pry) /z] tates | 


Tra, =a2:A Tr: Akd=a: 


D 
TE (edr (cons a; d)) = do: D{a2/z] cia 


DF pri = pra: (X ((# A)) D) 
[+ pry = (cons (car pre) (cdr pre)) : (X ((@ A)) D) eae 
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Functions 
' al : Pie 4 
Eg Set AY _Eyesaeg Ee Eee ee] 


TH (NM ((a Arg)) R) type ~ (M ((a Arg’)) R°) 


Tb Arg type ~ Arg’ 
T,a: Arg? + (MN ((a1 Argy) ..- (tp, Argn)) R) type X [FUNF-2] 
TE (Ml ((@ Arg) (a1 Argi) ..- (tn Argn)) R) type~+ (N ((a Arg®)) X) 


Tt Arg type~ Arg? Th fresh ax Tyr: Arg? R type~ R° 
aw Se [FuNF— 1] 
T+ (— Arg R) type ~ (NM ((« Arg’)) R°) 


[+ Arg type~ Arg? 
[} fresh ~~ x 
T,a: Arg? + (— Arg: ... Arg, R) type~ X 


TH (— Arg Arg, ... Argn R) type~ (N ((a Arg’)) X) hacia 


Remember to read the rules aloud! To read FUNF—>2, say: 


To check that an —-expression with more than one argument type is 
a type, first check that the first argument type Arg is a type. Call its 
Core Pie expression Arg’. Then, check that a new —>-expression with 
the remaining argument types Arg, ...Argn is a type, and call the 
resulting Core Pie expression X. Find a fresh variable name x that is 
not associated with any type in [, and then the result of elaboration 


is (N ((# Arg®)) X). 


T+ Arg, = Argg type T,a: Arg, + R, = Ro type 
FunSAME-I1 
TF (Ml ((e Arg:)) Ri) = (M1 (we Arga)) Ra) type | 


Tz: Arg¢+re Rw r? 


TF OQ @) r)€(M (@ Arg) R)~ 0 @) we) PUNE 


Tc: Arg¢(A (yz...) r)Ee Rw r? : 
IPOs... Henao Oo wry Hel 
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Ta: Argt ri =re:R 
Pr (h (x) m1) = (A (a) ra): (11 ((@ Arg) 


rR) [FUNSAME-)] 


[EK Sf synth ~ (the (M ((z Arg)) R) f°) [Farge Arg~ arg’ 


TH (f arg) synth~ (the Riarg’/a] (f° arg’)) [FuNE-1] 
TE (f arg ... argn—1) synth ~ (the (M ((x Arg)) R) f°) 
[ arg, € Arg~ arg’, FuNE-2 
TH (f arg ... argn—1 @rgn) synth ~ (the Riarg?/x] (f° argr)) oasis, 


Tr fi = fo: (Nf ((a Arg)) R) Tb arg, = argo : Arg 
DE (fi arg) = (f2 arge) : Rlargi /x] 


[FUNSAME-apply] 


T,a: Argh rj =ro:R TF arg, = argo : Arg 
Te ((d (2) 71) argy) = r2[arge/x] : Rlarg2/2] 


[FuNSAME-/] 


In FuNSAME-n, the premise x ¢ dom(I’) states that a is not bound by I. The 
reason that [ + fresh ~ « is not used in this rule is that the rules for sameness 
are a specification that the conversion checking algorithm must fulfill rather than the 
algorithm itself. It would be inappropriate to use an algorithmic check in a non- 
algorithmic specification. 


x¢dom() Tt fi =fe:(M ((x Arg)) R) 
TE fi =(d (2) (fo 2)): (M1 ((@ Arg)) R) 


[FUNSAME-n] 


Natural Numbers 


—_______________ [NaTF ——__________— [NaTSAME-Nat 
ici bane "| eee be OO at] 


NatI-1 
T'} zero synth ~ (the Nat zero) “| 


= [NATSAME-zer] 
T} zero = zero : Nat 
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TEn€ Nat~ n? . 
avy [NaTI-2] 
TF (add1 n) synth ~ (the Nat (add1 n°)) 


In these rules, [n] stands for a literal Scheme natural number. 


T+ [0] synth ~ (the Nat zero) [Narl-3] 


[FE [k] € Natuon 
Tt {[k+1] synth ~ (the Nat (add1 n)) 


[NatI-4] 


TK ny = nz: Nat 
NarSame-add1 
Tr ii) = addi ay) ee 


TREte Nat~ ¢? 
CT} 6 synth ~ (the B b°) 
Tr Nl ((x« Nat)) B ig 
. o € (M1 ((x Nat)) B)~ st _ —_ T, 
T + (which-Nat ¢ b s) synth ~ (the B (which-Nat ¢° (the B b°) s°)) 


In the next rule, a sameness judgment is written on multiple lines. The following 
two ways of writing the judgment have the same meaning: 


TkK=:cg and Pra=c:cs 


In addition to allowing wider expressions, this way of writing the judgment can also 
make it easier to visually compare the two expressions that are the same. 


THE t, =tg: Nat 
T+ B, = Be type 


TKb=be: By 
TD s; = 89: (Ml ((x Nat)) By) 

NaTSAME-w-N 
(which-Nat ¢ (the B; bi) s1) ie 


Ih = :B, 


(which-Nat tg (the Bo be) so) 
TRb =b:B Ct s=s: (NM ((x Nat)) B) 
Sg PP aa (Nat) 8) i saanmcw Nel 
i reins Gs ase ee 
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TE nm = ne: Nat 
Trb=b:B 
T+ 8; =s2: (NM ((x Nat)) B) 


Tr Wiki Ede) ie Pla) alee een 


TRte Nat~ t? 
[+ } synth ~ (the B b°) 
PRse (A ((x B)) B)~ 8? 
['} (iter-Nat tb s) synth ~ (the B (iter-Nat ¢° (the B b°) s°)) 


[NaTE-2] 


TH t; = te: Nat 
T} By = Bz type 
Th by =bo: By 
Tr 5; =s82:(M ((x Bi)) Bi) 
(iter-Nat t, (the By, b;) s;) 

'F = : By 
(iter-Nat tz (the By bz) s2) 


[NATSAME-iter-Nat| 


Thkh=h:B 
TF s=s:(N ((x B)) B) 
TF (iter-Nat zero (the Bb) s)=bo: B 


[NATSAME-it-Ni1] 


TF ny = 7g: Nat 
THB, = Bo on 
T+ by = bo: By 
[T+ s; = sq: (Ml ((x By)) Bi) 
(iter-Nat (addi ma) (the By bi) s1) 
TR a E84 
(sg (iter-Nat no “(tthe By bz) s2)) 


[NaTSAME-it-Nt2] 


Try comparing the rules for which-Nat and iter-Nat with each other, and keep them 
in mind when reading the rules for rec-Nat aloud. 


TFtE Nat~ t? 
Tb synth ~ (the B b°) 
Tse (N ((n Nat)) (NM ((x B)) B))~ s®° 


—_—_——— eee a | NAT ESE 
T+ (rec-Nat tb s) synth ~ (the B (rec-Nat t° (the B b°) s°)) Paes] 
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TE t, =to: Nat 
TE B, = B2 type 
TE b, =bo: By 
[F s; = sq: (NM ((0 Nat)) (1 ((x By)) Bi)) 
(rec-Nat t; (the B; bi) s1) 
Ter = > By 
(rec-Nat tg (the Bz bg) so) 


[NaTSAME-rec-Nat] 


Th b=b:B  Ts=s:(M((nNat)) (M ((x B)) B)) 


T (rec-Nat zero (the B b;) s)=b2:B [acral Pha] 


TH ny = ng: Nat 
T+ Bi = By type 
Tr b) =bo: By 
TF s; = 82: (Nl ((n Nat)) (1 ((x Bi) Bi)) 
(rec-Nat (addl m1) (the By by) si) 
re = By 
((s2 m2) (rec-Nat nz (the By bz) s2)) 


[NATSAME-t-N.2] 


TRte Nat~ t? 

TE me (fl ((x Nat)) UY) + m? 

THE bE (m? zero) ~ b° 

TFs € (Ml ((k Nat)) (M1 ((almost (m® k))) (m® (add1 k)))) ~ s? 


Tr (ind-Nat t m bs) synth ~ (the (m? #”) (ind-Nat  m? 67 5%) NATE] 


Tk t; = te: Nat 

TE my = mg: (NM ((x Nat)) U) 

TF by = be : (my Zero) 

Tr 8; = s2: (Mf ((k Nat)) 

(N ((almost (m, k))) 
(my (add1 k)))) 

(ind-Nat ¢; mm, bi 51) 

| — : (my ti) 
(ind-Nat ty me bo $2) 


[NarSaMe-ind-Nat] 
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Th m=m: (fl ((x Nat)) YU) 
T+ by = ba : (m zero) 
T+ s=s:(M ((k Nat)) 
(N ((a/most (m k))) 
(m (add1 k)))) F 
TF (ind-Nat zero m b; s) = bg : (m zero) RAS Ase te) 


TE ny = ng: Nat 
T+ my =mz: (NM ((x Nat)) UW) 
[TF by = be : (my, zero) 
TF 8; = 82: (N ((k Nat)) 
(N ((almost (mi k))) 
(my (addi k)))) ; 
(ind-Nat (addi 7) m; 6; 53) pape 


= : (mm, (add1 71)) 
((s2 nz) (ind-Nat nz m2 bz s2)) 


hl 


Tr 


Lists 


THE type~ E° 
Tr (List E) type ~ (List E° 


) [ListF] 


Tt £; = Eg type ‘ 
Tries Bj By) yee ALT 


TEnil€ (List E) ~ nil hei] 


Temas (ee) eae 


[Fe synth ~ (the E e°) TF ese (List E) ~ es° [ListI-2] 
T (:: e es) synth ~+ (the (List E) (:: e° es°)) ° 


Tre=e:E [TF es; = es : (List FE) és 
Tr (:: ey €5,) = (2: €9 es) : (List FE) Peete sg 
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PEt synth ~ (the (List 2) t?) 

[Tb synth ~ (the Bb’) 

Tse (NM ((x £)) (NM ((xs (List £))) (N ((almost B)) B))) ~~ s' 
Tf (rec-List t bs) synth ~+ (the B (rec-List t° (the B b’) s°) 


; [LisTE-1] 


Tk ti = to: (List E) 
TH B, = Bz type 
TH by =bg: By 
TF 5; =$2:(N ((x B)) 
(N ((xs (List £))) 
(N ((almost B,)) 
B,))) 
T } (rec-List ¢; (the B, b) 51) = (rec-List to (the Bz bz) s2): By 


{ListSAME-rec-List] 


[TF nil = nil: (List £) 
Tr bh =b2:B 
Ths=s:(N ((x B)) 
(Nl ((xs (List £))) 
(Nl ((almost B)) 
B))) 
Tf (rec-List nil (the B b,) s;)= bo: B 


[ListSAME-r-Li1] 


TkKe=eaa:E 


[T+ B, = Bg type 
TE b =bo: By 
TF s; = 82: (A ((x B)) 
(N ((xs (List £))) 
(A ((almost By)) 
B,))) 
(rec-List (:: e1 es1) (the By bi) s1) 
Te = : By 
(((s2 €2) es) (rec-List es, (the Be be) s2)) 


{ListSAME-r-Lt2] 
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Tt synth ~ (the (List F) t°) 
TE me (Ml ((xs (List £))) U) ~ m? 
THEDE (m? nil) ~ b° 
Trs€(N ((x E) 
(1 ((xs (List £))) 
(Nl ((almost (m? xs))) 
(m® (:: x xs))))) ~ s® 


TP (ind: List t mb 5) synth~ (the (m? #°) (ind-List  m? & a) LISTE-2I 


Cr t; = te: (List B) 
TF my = mz: (NM ((xs (List B))) U) 
TF by = bz: (my nil) 
TF 8; =sq: (Nl ((x B)) 
(N ((xs (List £))) 
(Nl ((almost (m4 xs))) 


ar auc (:: x 38))) {ListTSAME-ind-List] 
TF (ind-List t; m 6; s,) = (ind-List t2 m2 be sz) : (m th) 


CF m=m: (NM ((xs (List E))) UY) 
TF by = bg: (m nil) 
PFs=s:(N ((x £)) 
(M1 ((xs (List £))) 
(11 ((almost (m xs))) 
(m (:: x xs))))) 


Tole ek oe 


Tke, =e2:E 
Tk es; = es : (List E) 
DF my = mg: (Nl ((x¢ (List £))) YU) 
TF by = bg : (my nil) 
Tr s1 = 52: (N ((x E)) 
(N ((xs (List £))) 
(Fl ((almost (my xs))) 
(my (3: x xs))))) 
(ind-List (:: e; €s,) my by s;) 
Tr = 2 (my (2: e1 es:)) 
(((s2 €2) es2) (ind-List es2 mz bz s2)) 


[ListSAME-i-Li2] 
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Vectors 


TEE types FE? THCENat~ 0? 


Tr (Vec E 2) type~ (Vec B? 2%) ‘LVECF 
T+ EF, = F2 type Tr @, = é : Nat 
TENE, SO byes Oe 
{VecI-1] 


TF vecnil € (Vec F zero) ~» vecnil 


: VECSAME- il 
TF vecnil = vecnil : (Vec £ zero) | wn 


Tree Bue’ ['F es € (Vec E £) ~ es” 

TF (vec:: e es) € (Vec EB (addi @)) ~ (vec:: e° es°) 
Thke=e:E TF es, = es : (Vec E £) 

T (vec:: e1 €81) = (vect: €2 es): (Vec E (addi £)) 


[VecI-2] 


[VECSAME-vec::] 


[Ft synth~ (the (Vec E (add! £)) ¢°) 
T'} (head ¢) synth ~ (the F (head ¢°)) 


[VECE-1] 


TF es; = es2 : (Vec E (addi ¢)) 
TF Theed ret= (eed eeahokt een 
Thre=e:HF Th es=es: (Vec E € 


Deans 
TF (head (vec:: e1 es)) =e2: EF [Seaeeean 


[Ft synth ~ (the (Vec E (add1 £)) t°) 
TF (tail t) synth ~ (the (Vec E @) (tail t°) 


5 [VECE-2] 


T+ es; = es, : (Vec E (addi £)) 
TF (tail es;) = (tail es2) : (Vec E £) 


[VECSAME-tail] 


Tke=e:F T+ es; = esz: (Vec E £) 
T+ (tail (vec:: € es1)) = es2 : (Vec E é) 


[VECSAME-tt] 


In VECE-3 below, there is a premise stating that ¢° and n are the same Nat, rather 
than using the same metavariable for both lengths. This is because both Nats are 
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output, bound on the right of a~+. The Core Pie Nats are independently produced by 
elaboration, so they must be checked for sameness in another premise. This pattern 
occurs in [EQqI], as well. 


Tk ée Nat~ &° 
['} t synth ~ (the (Vec E n) t®) 
Th &° =n: Nat 
TF me (Nl ((k Nat)) (N ((es (Vec E k))) U)) ~~ m° 
I't be ((m?® zero) vecnil) ~+ b° 
I'F se (Nl ((k Nat)) 

(N ((e £)) 

(Nl ((es (Vec E k))) 
(Tl ((almost ((m° k) es))) 
((m° (add1 k)) (vec:: e es)))))) ~~ s” 
TF (ind-Vec ¢t mb s) synth ~ (the ((m° @°) t°) (ind-Vec ¢° t? m® b° s° 


7 [VECE-3] 


Tr &) = lg : Nat 
TH ti Sto: (Vec EF 6) 
TE my, = mz: (Ml ((k Nat)) (fl ((x (Vec E k))) U)) 
TF by = be : ((my Zero) vecnil) 
TF 81 = 82: (Mf ((k Nat)) 
(Nl ((e £)) 
(1 ((es (Vec E k))) 
(Fl ((almost ((my k) es))) 
((m1 (add1 k)) (vec:: e es))))) 
(ind-Vec hy ty my, by $1) 
re = 2 ((my £1) th) 
(ind-Vec f2 t2 ma be 52) 


) [VECSAME-ind-Vec] 


T+ m, = me: (M ((k Nat)) (M1 ((x (Vec EB k))) U)) 
T+ by = be: ((my zero) vecnil) 
['F s=s: (MN ((k Nat)) 
(N ((e B)) 
(Nl ((es (Vec E k))) 
(1 ((almost ((m, k) es))) 
((my (add1 k)) (vec:: e es)))))) 


T'} (ind-Vec zero vecnil my, b; s) = bg : ((me zero) vecnil) 


[VECSAME-i-Vi1] 
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Tr @, = ég : Nat 
Tke=eaa:E 
TH es; = e% : (Vec E ¢;) 
TE m, = my : (N ((k Nat)) (M1 ((« (Vec E k))) &)) 
DT 6; = bg : ((m, zero) vecnil) 
TF sy = s2: (fl ((k Nat)) 
(N ((e £)) 
(Tl ((es (Vec E k))) 
(1 ((almost ((m, k) es))) 
((mm (add1 k)) (vec:: e es)))))) 
(ind-Vec (add1 4) (vec:: ey es1) mi by 51) 


[VECSAME-i-V12] 
= ((me (add1 4) 


((((s2 £2) aN 66) > (vec:: e1 e81)) 
(ind-Vec 2 es2 mz by s2)) 


Pe 


Equality 


THX type~ X° TE from € X° ~ from? TF to€ X°~ to” 
T+ (=X from to) type ~~ (= X° from? to’) 


[EQF] 


Tt} X,=X2 type TE from, = from2 : X, TH toy = tog: X, 


[+ (= X, from, to,) = (= X22 from, tor) type aia 


TF mid € X ~ mid? [+ from = mid? ; X T+ mid? = to 
T (same mid) € (= X from to) ~+ (same mid’) 


ap. 4 (Eal] 


TF from= to: X 
T+ (same from) = (same to) : (= X from from) 


[EQSAME-same] 


[Ft synth ~ (the (= X from to) t?) 
PEme (Nl ((x.X))U)~ m? 
[+ be (m? from) ~ b° 
TF (replace t m b) synth ~ (the (m° to) (replace t° m° b’)) 


[EQE-1] 
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Tht =te: (=X from to) 
Tr m =m: (Nl ((x X)) U) 
TE by = be : (mj from) 
TF (replace ¢; m;, b;) = (replace t2 mz b2) : (my to) 


{[EQSAME-replace] 


[ eapr= expr: X 
TEm=m: (fl ((x X)) WU) 
TH by = bg : (m expr) 
TF (replace (same expr) m bi) = b2 : (m expr) 


{EQSAME-n] 


The Core Pie version of cong takes three arguments, rather than two, as can be 
seen in the grammar on page 393. The first argument in the Core Pie version is the 
type of the expressions being equated, and it is needed in order for a sameness checking 
algorithm to take types into account. 


Tt synth~ (the (= X, from to) t°) 
TH f synth ~ (the (M ((x X2)) Y) f°) 
TEX ,=X2 type 
T (cong t f) synth ~ (the (= Y (f° from) (f° to)) (cong X, t? f° 


yy EAE-2I 


[Tl X, =X2 type 
DE fi = fe: (1 ((« X1)) ¥) 
TH ty = to: (= Xi from to) 
TF (cong X, ty fi) = (cong X2 te fo): (=Y (fi from) (fi to 


7) [EQSAME-cong] 


TF expr; = expr, : X Tt fi = fo: (Fl ((& X)) Y) 
(cong X (same expr;) fi) 
Tr = : (=X (fi expr) (fi expri)) 
(same (f2 expr2)) 


[EQSAME-c1] 


[Ht synth ~ (the (= X from to) t’) 
T+ (symm t) synth ~ (the (= X to from) (symm ¢”)) 


[EQE-3] 


Tht =te: (=X from to) 


TF (emir) = (tw) EX foro) COSAMEsyenn| 
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T+ expr; = expr2 : X 
TF (symm (same expr:)) = (same ezpr2) : (= X expr; expr: 


) [EQSAMB-st] 


Pie contains two eliminators for equality that are not discussed in the preceding 
chapters: trans and ind-=. trans allows evidence of equality to be “glued together:” if the 
TO of one equality is the same as the FROM of another, trans allows the construction of 
an equality connecting the FROM of the first equality to the TO of the second. 


Tt, synth~ (the (= X from mid,) t?) 
[tg synth~ (the (= Y mid, to) t$) 
THX =Y type 

Tb mid; = mid, : X 


PF (trans ¢; t2) synth ~ (the (= X from to) (trans t? £3) eer} 


[bt =to: (=X from mid) Tt t3 =ta: (= X mid to) 
TF (trans t; ts) = (trans ty ta) : (= X from to) 


[EQSAME-trans] 


T+ expr, = expr2: X T+ expr, = exprs : X 
(trans (same expr,) (same exprz)) 
Tr = : (= X exprs erpr3) 
(same expr3) 


[EQSaMe_-tt| 


The most powerful eliminator for equality is called ind-=: it expresses induction on 
evidence of equality. ind-= is sometimes called J° or path induction. Pie’s ind-= treats 
the FROM as a parameter, rather than an index;° this version of induction on evidence 
of equality is sometimes called based path induction. 


Tht synth ~ (the (= X from to) t°) 
Teme (Nl ((x X)) (fl ((t (= X from x))) U)) ~~ m? 
T+ be ((m® from) (same from)) ~ b° 

TF (ind-= t m b) synth ~ (the ((m° to) t?) (ind-= t? m? b° 


yy [BAE-5] 


5 Thanks again, Per Martin-Lof. 
®Thanks, Christine Paulin-Mohring (1962-) 
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Tt) =te: (= X from to) 

Term = sak ((x ey (A(t = from x))) U)) 

TH by = bo: ((m1 from) (same from +4 
TR (ind-= #; m; by) = (ind-= ty mg by) : ((m, to) ty) [Beas] 


T+ eapr= expr: X 
TE m=m:(N ((x X)) (M ((¢ (=X expr x))) U)) 
T+ by = be: ((m expr) (same erpr)) 

TF (ind-= (same expr) m b;) = by : ((m expr) (same expr)) 


[EQSAME-i-=1] 


Either 


TtP type~ P° TKS type~ S° 


TF (Either PS) type ~ (Either P? 5°) [ErrHerF] 


T+ P, = P2 type Tr S,=S>2 type 


E1riterSAME-Eith 
rr (Gahe B, 3.) = ete Pa ey pe ee 


THe P~ It? 
TF (left id) € (Either P S) ~ (left it? 


) {ErTHERI-1] 


TH lj =lk:P — . 
TF (let &) = (let &): (Ether Poy EtHERSame-left] 
Trrte Sw rt? 


Erruerl-2 
Tk (right ré) € (Either P S) ~ (right rt?) [ErrnerI-2] 


Th rth =r: 3S 
[+ (right rt:) = (right rt.) : (Either P S$) 


[EITHERSAME-right] 


[+t synth ~ (the (Either P S) t°) 
TE me (M ((x (Either P $))) U)~ m? 
TE br € (M1 ((x P)) (m? (left x))) ~ 6? 
TE by € (Fl ((x $)) (m? (right x))) ~ b? 
TPF (nd Either tm by b,) synth ~ (the (mF) (ind-Either mi? & be) THERE] 
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[TF t, =ta: (Either P S) 

TE m, = mz: (NM ((x (Either P S))) U) 

Pr by = bia : (M1 ((x P)) (my (left x))) 

TE by = bp2 : (M1 ((x S)) (my (right x))) 
(ind-Either ¢; m1 bn 5-1) 

Te = > (my, ty) 
(ind-Either ty me bye bp2) 


(ErrHERSAME-ind-Either] 


T+ li =lt2:P 

Ct m=m: (Nl ((x (Either P S))) YU) 
Ch by = bye : (N ((x P)) (m (left x))) 
[TF b, =b, : (Nl ((x S)) (m (right x))) 


(ind-Either (left it) m bn by) ea 


re : (m (left 1t,)) 


(bj2 Itz) 


Tr rh =: S 
TE m=m: (Nl ((x (Either P $))) U) 
Tt b = &: (TM ((x P)) (m (left x))) 


PF Bion = ba 3101 1G 8D) (ome Crightt x) [ErrHERSAME-i-E.2| 
(ind-Either (right rt,) m by bp) 
1D = : (m (right ré,)) 
(bra rtz) 


Unit 


['F Trivial type ~ Trivial pPeaee 


[TrivSAMB-Trivial] 


TF Trivial = Trivial type 


TF sole synth ~ (the Trivial sole) [Pan 
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It is not necessary to have a rule stating that sole is the same Trivial as sole because 
every Trivial is the same as every other by the n-rule. 


TK c=c: Trivial 
Tress tar Saal 
Absurdities 


[+ Absurd type ~+ Absurd [Apar] 


TL AMS wee Cael 


Tite Absurd ~ ¢? Tim type~ m° 
T+ (ind-Absurd tm) synth ~+ (the m° (ind-Absurd t° m 


) [ABSE] 


TF t; = tg : Absurd Tem, =m.:U 


“TF (ind-Absurd 23) = (ind-Absurd t mq) sm *BSSAéE-ind-Absurd] 


The =e1: Absurd = Db cg =e: Absurd 


TF ¢ = ec: Absurd [ABSSAME-n] 
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Universe 


The rules for U work differently from other types. There is a formation rule and a number 
of introduction rules, but there is not an elimination rule that expresses induction the 
way that there is for types such as Nat and families such as Vec. 


Instead of an elimination rule, a U/ is used by placing it in a context where a type is 
expected, because one way to check that an expression is a type is by checking that it 
is a UW. Similarly, to check that two expressions are the same type, one can check that 
they are the same UW. 


Treeurvu TEX=Y:U 


eB Ue _ ae as Spt 
ihigese Trreree 


The formation rule for U/ is akin to types that take no arguments: Atom, Nat, Trivial, 
and Absurd. 


[UF] [USAME-U] 


THU type~U TKU=U type 


{UIL-1] [USAME-Atom] 


TF Atom synth ~ (the / Atom) T+ Atom = Atom: U 


TFKAEU~ A? Te: Aor DEUA+ D? 


TF (= (@A)) D) synth ~ (the (= (@ A) Dy) UE 


PRACUS A? Tyr: APh(E (ei Ai) «- (tn An) DNEUMZ yy 
TF (© (@ A) (a At) --- @n An) D) synth~ (the © (@ A) 2) UE 


TRFAECU~ A? TF fresh ~ x T,c: A°-/DEU~ D 


TF (Pair A D) synth ~ (the & (= ((« A’) D)) (ta) 
TEA, =Ao:U T,a:A,- Dy =Do2:U 
USAME-X 
TE (= ((x Ai)) Di) = (= ((a Ap) Do) :U [ 
PREXEUYX® Pa: X°FREUR (UL) 


TE (MN ((@ X)) R) synth ~ (the U (I ((« X°)) R)) 
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TEXE€UX® Da: Xb (Ml (ay X1) «.. (an Xn)) R) EUW R? 
PE (Ml ((@ X) (a1 Xi) ... (tn Xn)) R) synth ~ (the U (Ml ((« X°)) R%)) 


[UI-6] 


TREX €U~+> xX? [+ fresh ~ x Tyo: X°F REWs RK 


TH (> X R) synth~ (the U (N ((x X°)) R°)) [UL-7] 


TREX €u~ XxX° 

[ fresh ~ x 

Tr: X°FH(9X1 ... X_, R)EU~ R? 
TH(3 XX ... Xn R) synth ~ (the U (Nl ((a# X°)) R° 


D [UL8] 


TEX, =Xe:U Twa: Xi Yi =Yo:U 
PE ( ((@ X1)) Yi) = (Ml ((@ X2)) Yo) :U 


[USAME-I] 


j {UI-9] (USAME-Nat] 


T+ Nat synth ~ (the U/ Nat TF Nat = Nat :U 


ThE eEuU~ E° 
TF (List 2) synth ~ (the UY (List E° 


y WUrt0) 


TREE, =F2:U 4% 
TPs l= Let er Pe 
TKEECUNE® THLENat 2? 
TF (vec B 8) synth-~ (the &/ (Vec B® £°)) 


[UL-11] 


[+t By = £2:U TH & = ¢ : Nat 


arr i a ar ora 9 = 
Thin Ashen ha Covel 


TREX €uU~ Xx? T+ from € X° ~ from? Tk toe X°~ to?’ 
[+ (=X from to) synth~ (the U (= X° from? to”)) 


[(UL-12] 
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TEX, =X2:U [ from = from, : X, TF to, = toe 


7X1 


TH (= X, from to) = (= X2 frome tor) :U 


TKP,=P2:U TES, =52:U 
[Fr (Either Py $;) = (Either P2 S2):U 


TREPEU~ P? CTrFSEU~S? [ 
[} (Either P S) synth ~ (the YU (Either P° S°)) 


(UL-14] 


TF Trivial synth ~ (the UY Trivial) 


Trine ree al 


-15 
T+ Absurd synth ~ (the U/ Absurd) [UI-15] 


Thien seer Oe) 
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(USAME-=] 


[USAME-Either] 


UL-13] 
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The Grammar of Pie 


392 


(the e e) 

x 

Atom 

‘fsym| 

(Pair e e) 

(E ((ee)*) e) 
(cons e e) 
(car e) 

(cdr e) 

(— eet) 

(M1 ((x e)*) e) 
Q (z*) &) 


(which-Nat e ¢ e) 
(iter-Nat € € e) 
(rec-Nat ¢ © ©) 
(ind-Nat ¢ ¢ ¢ e) 
(List e) 

nil 

(sve e) 
(rec-List © e ) 
(ind-List e © ¢ e) 
(Vec e e) 

vecnil 

(vec:: € e) 
(head e) 

(tail e) 

(ind-Vec ¢ ee € e) 
(= eee) 

(same ¢) 

(symm e) 

(cong e e) 
(replace ¢ e e) 
(trans e e) 
(ind-= e € e) 
(Either e e) 

(left €) 

(right e) 
(ind-Either e € € e) 
Trivial 

sole 

Absurd 
(ind-Absurd e ¢) 
u 


Type annotation 
Variable reference 

Atom type 

Atom literal 
Non-dependent. pair type 
Dependent pair type 
Pair constructor 

First projection 

Second projection 
Non-dependent function type 
Dependent: function type 


Functions 
Application 

Natural number type 
Zero 

Successor 


Natural number literal 

Case operator on natural numbers 
Simply-typed iteration on natural numbers 
Simply-typed recursion on natural numbers 
Induction on natural numbers 
List type 

Empty list 

List expansion 

Simply-typed list recursion 
Induction on lists 

Length-indexed vector type 
Empty vector 

Vector extension 

Head of a vector 

Tail of a vector 

Induction on vectors 

Equality type 

Reflexivity of equality 

Symumetry of equality 

Equality is a congruence 
Transportation along equality 
Transitivity of equality 

Induction on equality 

Sum type 

First injection 

Second injection 

Eliminator for sums 

Unit type 

Unit constructor 

Empty type 


Eliminator for empty type (a.k.a. ex falso quodlibet) 


Universe 
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The Grammar of Core Pie 


The main differences between Pie and Core Pie are that Core Pie does not have some 
of the features found in Pie: digits for natural numbers, the type constructors —> and 
Pair, and functions that can be applied to more than one argument. Additionally, non- 
dependent eliminators require extra type information in Core Pie, because they do not 
have a motive. In this grammar, gray highlights indicate modifications from Pie. 


c n= (the cc) Type annotation 
r Variable reference 
Atom Atom type 
‘[sym] Atom literal 
(Z ((@ e)) ©) Dependent pair type 
(cons ¢ ¢) Pair constructor 
(car ¢) First projection 
(cdr e) Second projection 
(n ((@@) e) Dependent function type 
(X (2) ¢) Functions 
(ee) Application 
Nat Natural number type 
zero Zero 
(addi ¢) Successor 


(which-Nat ¢ (the cc) c) 
(iter-Nat c (the ¢ €) c) 
(rec-Nat c (the c c) c) 
(ind-Nat ¢ ¢ ¢ c) 


(rec-List ¢ (the ¢ ¢) ¢) 
(ind-List ¢ ¢ ¢ ¢) 
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Case operator on natural numbers 
Simply-typed iteration on natural numbers 
Simply-typed recursion on natural numbers 
Induction on natural numbers 


(List ¢) List. type 
nil Empty list 
(st ee) List expansion 


Simply-typed list recursion 
Induction on lists 


(Vec ¢ c) Length-indexed vector type 
vecnil Empty vector 

(vecz: cc) Vector extension 

(head e) Head of a vector 

(tail c) Tail of a vector 

(ind-Vec ce ¢ cc) Induction on vectors 
(66) Equality type 


Reflexivity of equality 
Symmetry of equality 

Equality is a congruence 
Transportation along equality 


(trans ¢ c) Transitivity of equality 
(ind-= c cc) Induction on equality 
(Either ¢ c) Sum type 

(left c) injecti 

(right c) 

(ind-Either c c cc) Eliminator for sums 
Trivial Unit type 

sole Unit constructor 
Absurd Empty type 
(ind-Absurd ¢ ¢) Eliminator for empty type (a.k.a. ex falso quodlibet) 
u Universe 
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Afterword 


Well, that was fun, and now I’m full, and so are you. I was a Little Lisper once; now [’'m 
a Typer, too. Types provide the means to put the meaning on machines, to program 
computation as an act of explanation. How is doing doing good? (How is lunch made 
out of food?) When are lurking loop instructions struck from structural inductions? A 
strong introduction, a sweet reduction, rich and warm: the chefs are on joyous normal 
form. 

Pairs and atoms made my cradle. Pattern matching filled my youth. Now my 
kitchen’s rich with L, poaching pairs of things with truth. Cookery: it’s not just flattery. 
Who’s the pudding kidding without the proof? It takes M to make a promise and a 
promise to make trust, to make windows you can see through and build gates that do 
not rust. Here is Pie for Simple Simon: the faker at the fair went bust. I would serve 
Pie to my father, but he’s dust. 

Atoms offer difference in the act of giving name. = transubstantiates two types 
which mean the same. Absurd is just another word for someone else to blame. Time 
flies like an —>. Pairs share out space. A Universal type of types unites the human race. 
But what on earth do we think we’re doing in the first place? What’s our game? We 
have the ways of making things, but things are evidence. Perhaps, one day, the thing 
we'll make is sense. 


Conor McBride 
Glasgow 
February, 2018 


Afterword 395 


prior permission, Violators will be prosecuted. 


Ce, 


= 


prior permission. Violators will be prosecuted. 


~~, see bent arrow 
‘nil, 109 
‘&toyov, 4 
*, 85, 88 
+, 75, 76 
+1=add1, 180 
+two-even, 267, 269, 270 
—, 36 
application, 34 


a, 36 
— and Mf, 138 
, 109 
x-fun, 261 
s-plattar, 258 
=, 174 
cong, 189 
replace, 197 
same, 178 
symm, 217 


=consequence, 318, 320 
=consequence-same, 320), 321 


Abel, Andreas, 366 
abstract over constant, 185 
Absurd, 317 

ind-Absurd, 304 
ackermann, 277 
Ackermann, Wilhelm, 77, 277 
add1, 19 
add1-even odd, 273 
add1-not-zero, 350 
add1-odd- even, 274, 276 
add1+=+add1, 205, 207 
Agda, 357 
a-conversion, 101 
also-rec-Nat, 150 
append, 121, 122 
application, see function 
argument 

implicit, 359 
argument name, 99 
Atom, 3 
atom, 3 


Index 


base, 78 
base-double-Vec, 214 
base-drop-last, 159 
base-incr=add1, 185 
base-last, 151, 152 
base-list> vec, 239 
base-list> veclist=, 256 
base-vec-ref , 309 
bent arrow, 363 
Berger, Ulrich, 366 
BHK, 177 
bidirectional type checking, 363 
body 

of [-expression, 99 
both-left, 315 
Brouwer, L. E. J., 177 


canonical, 22 
car, 6 
Carefully Choose Definitions, 270 
cdr, 6 
checking, type, 363 
Child, Julia, 30 
Church, Alonzo, 37 
Claims before Definitions, 20 
Commandments 
Absurdities, 303 
add1, 26 
cong, 194 
cons, 222 
First, 15 
Second, 44 
define, 43 
ind-Either 
First, 282 
Second, 283 
ind-List 
First, 238 
Second, 238 
ind-Nat 
First, 148 
Second, 148 
ind-Vec 
First, 250 
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Second, 251 
iter-Nat 
First, 73 
Second, 73 
x 
Final First, 139 
Final Second, 140 
Initial First, 38 
Initial Second, 38 
Neutral Expressions, 42 
rec-List 
First, 116 
Second, 116 
rec-Nat 
First, 89 
Second, 89 
sole, 296 
symm, 217 
the, 66 
Tick Marks, 6 
which-Nat 
First, 48 
Second, 48 
zero, 26 
computation rule, 368 
concat, 124 
conclusion, 364 
condiments, 115 
cong, 189, 197, 257 
diagram, 190 
cons, 6 
consistent renaming, 101 
constructor, 21, 23 
data, 54 
type, 54 
Constructors and Eliminators, 33 
context, 364, 365 
empty, 364 
extension, 364 
lookup in, 370 
conversion, 366 
a, 101 
Coq, 357 
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Coquand, Thierry, 358 
Core Pie, 363, 393 

Curry, Haskell B., 88, 175 
Currying, 90 
‘coeurs-d-artichauts, 4 


dashed box, 20 
data constructor, 54 


de Bruijn, Nicolaas Govert, 175 


Dec, 340 
dec-add1=, 352, 354 
define, 20 


Law and Commandment, 43 


Definitions Are Forever, 28 


Definitions Are Unnecessary, 58 


dependent function type, 98 
Dependent Type, 143 
dependent type, 143 
Dickson, David C., 123 
Dim Names, 47 
disjointness 

of Nat constructors, 326 
donut-absurdity, 327 
double, 203 
double-Vec, 214, 215 
drinks, 245 
drop-last, 159, 161 
Dybjer, Peter, 357 


Either, 279 
ind-Either, 280 
left, 279 
right, 279 
elaboration, 363 
elim-Pair, 103 
elim-Pear, 58 


Eliminating Functions, 34 


elimination rule, 368 
eliminator, 33 
equality, 174 

rrrule, 183, 368 
evaluation, 24 

Even, 265 
even-or-odd, 283, 287 


Index 
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every, 177 head, 133 
Every U Is a Type, 55 Heyting, Arend, 177 
Everything Is an Expression, 25 hidden arguments, 359 
ex falso quodlibet, 317 Hilbert, David, 77 
excluded middle, 335 Howard, William Alvin, 175 
expectations, 109 
expression. Idris, 357 

neutral, 182 “Tf? and “Then” as Types, 187 
extrinsic, 253 ill-typed, 15 

Imagine That ..., 322 

factorial, 90 implicit arguments, 359 
fadd1, 308 incr, 171 
Felleisen, Matthias, 363 incr=add1, 181, 192 
Feys, Robert, 175 ind-=, 385 
fika, 253 ind-Absurd, 304 
Fin, 305, 306 ind-Either, 280 
Findler, Robert Bruce, 363 ind-List, 235 
first, 136-138, 140 ind-Nat, 144 
first-of-one, 133, 134 ind-Nat’s Base Type, 153 
first-of-three, 135 ind-Nat’s Step Type, 155 
first-of-two, 134 ind-Vec, 246 
five, 44 index 
Flatt, Matthew, 363 of family of types, 247, 357 
flip, 98 recursive, 396 
forever, 52 induction 
formation rule, 368 path, 385 
forms of judgment, 5, 9, 363 Induction on Natural Numbers, 
four, 21 149 
fresh variable, 365 inductive datatypes, 357 
FROM, 174 inference rules, 364 
front, 328, 333 intrinsic, 253 
Fun, 315 introduction rule, 368 
function, 33 t, see rule, computation 

eliminator for, 34 iter-List, 123 

total, 71 iter-Nat, 72 
fzero, 307 

J, 385 
T, see context judgment, 4 
gauss, 49, 69, 83 form of, 5, 9 
Gauss, Carl Friedrich, 49 internalizing, 179 
Girard, Jean-Yves, 55 presupposition of, 10 
sameness, 6 

Hardy, Godfrey Harold, 18 sameness vs. equality, 176 
Harper, Robert, ix, 363 just, 297 
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kar, 94, 103 

kartoffelmad, 115, 125 
kdr, 95, 103 

Kolmogorov, Andrey, 177 


r, 34 

last, 151, 157 

Laws 
=, 174 
Absurd, 302 
Application, 38, 100, 139 
Atom, 8 
cong, 190 
define, 43 
Either, 279 
ind-Absurd, 304 
ind-Either, 282 
ind-List, 237 
ind-Nat, 147 
ind-Vec, 248 
iter-Nat, 73 


List, 110 
nil, 113 
n, 136 
rec-List, 116 
rec-Nat, 89 
Renaming Variables, 39 
replace, 199 
right, 280 
same, 178 
xX, 222 
sole, 296 
symm, 217 
the, 64 
Tick Marks, 4 
Trivial, 296 
Vec, 131 
vecnil, 131 
which-Nat, 48 

Lean, 357 

left, 279 

Leibniz's Law, 197 
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Leibniz, Gottfried Wilhelm, 197 
length, 117-119 
length-Atom, 119 
length-treats=, 259 
Lisp 

cons, 7, 14 

eq, 14 

gensym, 365 
List, 109 

3, 109 

ind-List, 235 

nil, 109 

rec-List, 114 
List Entry Types, 120 


list vec, 226, 229, 231, 234, 235, 242 


list veclist=, 255, 261 
list-ref, 299, 300 
lekker, 115 


Magritte, René Francois Ghislain, 107 


make-step-*, 85 
Martin-Léf, Per, 4, 385 
Maybe, 296 
maybe-head, 297, 298 
maybe-tail, 298 
McBride, Conor, 145, 395 
menu, 301 

Milner, Robin, 359 
more-expectations, 219 
mot-add1+=+add1, 205 
mot-double-Vec, 214 
mot-drop-last, 160 
mot-even-or-odd, 283 
mot-front, 330 
mot-incr=add1, 185 
mot-last, 153 

mot-list> vec, 240 
mot-list> vec list=, 256 
mot-nat=?, 347 
mot-peas, 145 
mot-replicate, 233 
mot-step-incr=add1, 202 
mot-step-twice=double, 211 
mot-twice=double, 208 


Index 
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mot-vec—list, 254 parameter 
mot-vec-append, 250, 251 of family of types, 247, 357 
motive, 145 pattern matching, 358 
Paulin-Mohring, Christine, 385 
Names in Definitions, 46 Peano, Giuseppe, 19 
Nat, 18 Pear, 55 
add1, 19 Pear-maker, 58 
ind-Nat, 144 pearwise+, 60 
iter-Nat, 72 peas, 143, 149 
rec-Nat, 77 pem, 340 
which-Nat, 46, 72 pem-not-false, 336, 339 
zero, 19 n, 98 
nat=?, 346, 355 application, 100 
natural number, 18 body, 99 
NbE, see normalization by evaluation a, 99 
Neutral Expressions, 182 Pierce, Benjamin C., 363, 367 
neutral expressions Pollack, Randy, 359 
definition, 182 premise, 364 
nil, 109 presupposition, see judgment 
no confusion primitive recursion, 77 
between Nat constructors, 326 principle of explosion, 317 
normal, 12 proof 
normal form, 12, 366 extrinsic, 253 
rrlong, 183 intrinsic, 253 
Normal Forms, 13 proposition, see statement 
of Types, 16 
Normal Forms and Types, 14 Ramanujan, Srinivasa, 18 
normalization by evaluation, 366 Readable Expressions, 160 
nothing, 297 reading back, 366 
Reading FROM and TO as Nouns, 
Observation about +, 210 174 
Observation about incr, 189 rec-List, 114 
Odd, 271 rec-Nat, 77 
one, 20 recursion 
one-is-odd, 272 primitive, 77 
one-not-six, 328 repeat, 277 
replace, 197 
Péter, Rézsa, 77 replicate, 232, 233 
Pair, 6, 30 rest, 141 
car, 6 reverse, 124, 125 
cdr, 6 right, 279 
cons, 6 rugbrod, 112 
pair, 7 rule 
palindrome, 225 computation, 368 
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elimination, 368 

n; 183, 368 

formation, 368 
inference, 364 
introduction, 368 

t, see rule, computation 
samenenss, 368 


Russell, Bertrand, 55, 175 


same, 178 
same-as chart, 69 
Sameness, 70 
sameness, 6 
tule, 368 
vs. equality, 176 
Sameness versus Equality, 323 
sandwich, 195 
Sch6énfinkel, Moses Ilyich, 88 
Schwichtenberg, Helmut, 366 
Zr, 220 
car, 228 
cdr, 228 
cons, 220 
similarly-absurd, 303 
snoc, 123, 124 
sole, 318 
Solve Easy Problems First, 216 


Some Books You May Love, 361 


Southey, Robert, 243 
statement, 175 
decidable, 340 
Steele, Guy L, 80 
step, 78 
step-*, 85, 86 
step-+, 75 
step-add1+=+add1, 206 
step-append, 121, 122 
step-concat, 124 
step-double-Vec, 215 
step-drop-last, 160, 161 
step-even-or-odd, 284, 286 
step-front, 331, 332 
step-gauss, 82 
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step-incr=add1, 188, 189, 191, 199, 200, 


202 

step-last, 156 
step-length, 118 
step-list+vec, 227, 229, 240 
step-list+ vec list=, 256, 261 
step-list-ref , 299, 300 
step-nat=?, 348, 354 
step-peas, 147 
step-replicate, 233 
step-reverse, 125 
step-taut, 315 
step-twice=double, 208, 211, 212 
step-vecslist, 254 
step-vec-append, 252 
step-vec-ref, 310, 311 
step-zerop, 80 
sub1-=, 327 
substitution 

capture-avoiding, 372 
Sudan, Gabriel, 77 
Sussman, Gerald J., 80 
swap, 96, 104 
symm, 217 
synthesis, type, 363 


tactics, 359 

tail, 133 

target, 78 

taut, 315 

tertium non datur, 335 
the, 63, sce also type annotation 
thirteen-is-odd, 272 
thirty-seven-entries, 234 
tick mark, 3 

TO, 174 

TODO, 165 

toppings, 115 

Total Function, 71 
total function, 71 
trans, 385 

treat-proof , 258 
Treat-Statement, 258 
treats, 245 
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Trivial, 318 
sole, 318 
Turner’s Teaser, 315 
Turner, David A., 315 
Turner, David N., 367 
twice, 203 
twice-Vec, 213, 216, 217 
twice=double, 203, 207, 212 
twice=double-of-17, 212 
twice=double-of-17-again, 212, 213 
twin, 106 
twin-Atom, 105, 106 
twin-Nat, 105 
Two, 315 
two, 20 
two-is-even, 271 
type, 8 
checking, 363 
dependent, 143 
equality, 174 
identity, 174 
synthesis, 363 
type annotation, 64 
type checking, bidirectional, 363 
type constructor, 30, 54 
Type Values, 53 


UY, 53 

unit type, 295 

universe, 53, 

universes, hierarchy of, 357 

Use a More Specific Type, 137 


Index 


for Correctness, 231 


Use ind-Nat for Dependent Types, 


145 
use-Nat=, 324, 325 


value, 22 
Values, 22 
Values and Normal Forms, 24 
variable 
fresh, 365 
Vec, 129 
head, 133 
ind-Vec, 246 
tail, 133 
vec::, 130 
vecnil, 130 
vec—list, 254 
vec-append, 245, 252 
vec-ref, 308, 311 
vec::, 130 
vecnil, 130, 132 
vegetables, 43 


When in Doubt, Evaluate, 260 
which-Nat, 46, 72 
Whitehead, Alfred North, 175 


zero, 19 
zero-is-even, 266 
zero-not-add1, 326 
zero?, 343, 345 
zerop, 80 
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